195539 matches found
Nordex N149/4.0-4.5 Wind Turbine Web Server SQL注入漏洞
The Nordex N149/4.0-4.5 Wind Turbine Web Server is a web server component developed by the German company Nordex, used for remote monitoring and management of the Nordex N149 wind turbine system. The 4.0 version of the Nordex N149/4.0-4.5 Wind Turbine Web Server has a SQL injection vulnerability...
oinone-pamirs 注入漏洞
Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier had a SQL injection vulnerability. This vulnerability stems from the queryListByWrapper interface’s RSQLToSQLNodeConnector.makeVariable function, which allows for SQL...
REDAXO-AddOn: MyEvents SQL注入漏洞
REDAXO-AddOn: MyEvents is a multilingual event management plugin developed by Joachim Wendenburg. Version 2.2.1 of REDAXO-AddOn: MyEvents contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the myeventsid parameter, potentially allowing authenticated...
GitBucket 访问控制错误漏洞
GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...
Joomla JoomOCShop 跨站请求伪造漏洞
Joomla JoomOCShop is an open-source extension for Joomla that supports the integration of Joomla and OpenCart. Version 1.0 of Joomla JoomOCShop contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, which may allow attackers to perform...
Beetl 输入验证错误漏洞
Beetl is a high-speed template engine developed by xiandafu’s individual developers. Versions of Beetl 3.20.2 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of special elements within expression language statements in th...
JoomSky Joomla! Component Js Jobs 跨站请求伪造漏洞
JoomSky Joomla! Component Js Jobs is a human resources component developed by JoomSky Corporation, designed for publishing job listings, managing positions, and facilitating job applications on Joomla websites. Version 1.2.0 of JoomSky Joomla! Component Js Jobs contains a cross-site request...
H2O 信息泄露漏洞
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability known as information leakage, which originated from the importFiles function in the PersistNFS.java file within the ImportFile API...
H2O 安全漏洞
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O such as h2o-3 7402 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control in the exec function of the AstSetProperty.java file withi...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbisubscriptiondataadd and ogssbinfserviceadd functions i...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbiclientadd function in the library/lib/sbi/client.c...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NRF component’s...
Net::Statsd::Tiny 注入漏洞
Net::Statsd::Tiny is a lightweight StatsD client developed by Robert Rothenberg, which supports the aggregation of multiple metrics. Versions of Net::Statsd::Tiny prior to 0.3.8 had an injection vulnerability. This vulnerability stemmed from the lack of checks for line breaks, colons, or vertical...
Crypt::OpenSSL::PKCS12 缓冲区错误漏洞
Crypt::OpenSSL::PKCS12 is an open-source cryptographic extension module developed by Dan Sully for the Perl language. It primarily provides interface calls to the OpenSSL PKCS12 API. Versions of Crypt::OpenSSL::PKCS12 up to 1.94 contained a buffer error vulnerability. This vulnerability arises wh...
hive 路径遍历漏洞
Hive is a multi-agent workflow execution engine developed by Aden. Versions of Hive prior to 0.11.0 contained a path traversal vulnerability. This vulnerability stemmed from the readeventstail function in the Delete Request Handler component, where the routessessions.py file exhibited path...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from the ranuefindbyamfuengapid function in the context.c file of the...
Bylancer Zechat SQL注入漏洞
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from the v parameter being subject to SQL injecti...
Bert-VITS2 路径遍历漏洞
Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability, which stems from the getallmodels function in the hiyoriUI.py file within the Model Handler component. Attackers could potentially exploit this vulnerability remotely...
Investintech SlimPDF Reader 缓冲区错误漏洞
Investintech SlimPDF Reader is a free PDF reader and viewer provided by the Canadian company Investintech. Versions of Investintech SlimPDF Reader 2.0.13 and earlier contain a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the sub3B4610 function within the...
WordPress plugin Simple Fields 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
Joomla jCart for OpenCart 跨站请求伪造漏洞
Joomla jCart for OpenCart is an open-source extension that integrates Joomla with OpenCart. It’s a e-commerce shopping cart extension. Version 2.3.0.2 of Joomla jCart for OpenCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery,...
TP-Link TL-WR720N 跨站请求伪造漏洞
The TP-Link TL-WR720N is a home wireless router by TP-Link Corporation, which supports wireless network sharing and routing functions. The TP-Link TL-WR720N has a cross-site request forgery vulnerability. This vulnerability arises from cross-site request forgery attacks, allowing attackers to...
H3C Magic B3 缓冲区错误漏洞
H3C Magic B3 is a wireless router produced by H3C Corporation in China. The H3C Magic B3 100R002 and earlier versions had a buffer overflow vulnerability. This vulnerability stemmed from improper handling of the parameter “param” in the UpdateWanParams function within the /goform/aspForm file,...
Open5GS 缓冲区错误漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the reuse of a resource after it has been released in the...
WordPress plugin Peugeot Music 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Alloksoft AVI DivX MPEG to DVD Converter 安全漏洞
Alloksoft AVI DivX MPEG to DVD Converter is a multimedia conversion tool developed by Alloksoft Corporation, capable of converting video formats such as AVI, DivX, and MPEG, as well as creating DVDs. Version 2.6.1217 of Alloksoft AVI DivX MPEG to DVD Converter contains a security vulnerability...
Kalcaddle Kodbox 注入漏洞
Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle. Versions of Kalcaddle Kodbox prior to 1.64 have a injection vulnerability. This vulnerability stems from the improper handling of the parameter fmpegBin in the parseVideoInfo function of t...
PublicCMS 加密问题漏洞
PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version PublicCMS 5.202506.d contains a security vulnerability related to encryption. This vulnerability stems from the getSignKey function in the...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogssbinfinstancesetid function in the...
Bylancer Zechat SQL注入漏洞
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from SQL injections in the hashtag parameter,...
Bylancer Zechat 跨站请求伪造漏洞
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat contains a cross-site request forgeing vulnerability. This vulnerability allows attackers to bypass anti-CSRF...
WordPress plugin WP with Spritz 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Bert-VITS2 路径遍历漏洞
Bert-VITS2 is a core text-to-speech model developed by Fish Audio. Bert-VITS2 has a path traversal vulnerability. This vulnerability stems from the improper handling of the datadir parameter in the generateconfig function of the Gratuit Interface component, resulting in path traversal. Attackers...
oinone-pamirs 路径遍历漏洞
Oinone-Pamirs is an open-source AI-driven low-code development framework by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the request.getParameter function in the RestController component’s LocalFileClient.java file,...
PublicCMS 安全漏洞
PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from a business logic error in the...
Vercel AI SDK 资源管理错误漏洞
Vercel AI SDK is a JavaScript SDK provided by Vercel that supports the integration of large language models, streaming responses, and AI application development. Vercel AI SDK versions 3.0.97 and earlier contain a resource management vulnerability. This vulnerability stems from the functions...
CAAL 代码问题漏洞
CAAL is a self-hosted voice assistant developed by CoreWorxLab, ensuring data and keys are secure. Versions of CAAL 1.6.0 and earlier contain code vulnerabilities. These vulnerabilities stem from unknown functions in the src/caal/webhooks.py file within the test-hass endpoint, which involve...
ACL Analytics 代码注入漏洞
ACL Analytics is a data analysis platform provided by ACL Corporation, which supports audit analysis, data mining, and risk monitoring. Versions 11.x to 13.0.0.579 of ACL Analytics have a code injection vulnerability. This vulnerability stems from the use of the EXECUTE function, which may allow...
WordPress plugin Google Drive 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
oinone-pamirs 输入验证错误漏洞
Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Versions of Oinone-Pamirs 7.2.0 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a deserialization issue in the JsonUtils.parseMap function within the...
Metasoft MetaCRM 访问控制错误漏洞
Metasoft MetaCRM is a customer relationship management system software developed by Metasoft, a Chinese company. Versions of Metasoft MetaCRM 6.4.0 Beta06 and earlier contained a access control error vulnerability. This vulnerability stemmed from an improper handling of the File parameter by an...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the ogssbidiscoveryoptionparseplmnlist function...
Kilo Code 信息泄露漏洞
Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a vulnerability known as information leakage. This vulnerability stemmed from improper handling of the parameter KILOCONFIGCONTENT in the Load function of the Environment...
WooCommerce 路径遍历漏洞
WooCommerce is an open-source e-commerce platform built on WordPress by WooCommerce Inc. Version 3.3.6 of WooCommerce has a path traversal vulnerability. This vulnerability allows any registered user to submit unescaped file names through the deleteexportfile AJAX operation, potentially leading t...
PublicCMS 安全漏洞
PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from the improper handling of the templateContent parameter in the execute...
Zenar Content Management System 跨站脚本漏洞
Zenar Content Management System is a set of open-source content management systems developed by the Zenar team. The Zenar Content Management System has a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting, which allows unauthenticated attackers to inject...
H2O 输入验证错误漏洞
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 7402 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a deserialization issue in the importBinaryModel function of the...
Kilo Code 路径遍历漏洞
Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of parameters File in the Bun.file function within the File Diff API Endpoint component...
Z-BlogPHP 安全漏洞
Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version Z-BlogPHP 1.7.4.3430 contains a security vulnerability. This vulnerability stems from an improper authorization in the CheckComment function of the commend Approval Handler component’s csystemevent.php...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogstimeradd function in the nausf-handler.c file within the...