195539 matches found
Open WebUI 访问控制错误漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Prior to Open WebUI 0.9.0, there was an access control vulnerability. This vulnerability stemmed from the /responses endpoint in the OpenAI router, which accepted any authenticated user and directly...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from FolderForm using modelconfig = ConfigDictextra=allow, which allowed arbitrary fields to ...
APM – Agent Package Manager 后置链接漏洞
APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. In versions 0.5.4 to 0.12.4 of APM, there was a post-link vulnerability. This vulnerability stemmed from calls to functions like Path.glob and Path.rglob, which followed symbolic links. As a...
APM – Agent Package Manager 路径遍历漏洞
APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. Versions of APM prior to 0.8.12 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verification that the plugin paths were within the plugin directory, whic...
ws 安全漏洞
WS is a Node.js WebSocket library open source under WebSockets. Versions of WS prior to 8.20.1 contained a security vulnerability, which stemmed from an initialization memory leak when TypedArray was used as a reason parameter in the websocket.close implementation...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the getdumpable logic in ptrace, potentially leading to permission-related...
MLflow 安全漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contain security vulnerabilities. These vulnerabilities stem fr...
AMD Processors 安全漏洞
AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, stemming from the TOCTOU issue. These vulnerabilities may allow attackers to repeatedly load registers, leading to race conditions and potentially causi...
AMD Ryzen和AMD Athlon 安全漏洞
AMD Ryzen and AMD Athlon are both products of American semiconductor company AMD. AMD Ryzen is a type of Central Processing Unit CPU. AMD Athlon is a series of microprocessors. Both AMD Ryzen and AMD Athlon have security vulnerabilities. These vulnerabilities stem from improper protection of...
Disc Soft DAEMON Tools Lite 安全漏洞
Disc Soft DAEMON Tools Lite is a software developed by Disc Soft that supports the mounting of disc images and the creation of virtual drives along with image file management. Versions 12.5.0.2421 to 12.5.0.2434 of Disc Soft DAEMON Tools Lite contain security vulnerabilities. These vulnerabilitie...
AMD Chipset 缓冲区错误漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains a buffer error vulnerability, which stems from out-of-bounds writing. This vulnerability could allow attackers to execute arbitrary code with elevated privileges, resulting in losses...
Medical Management System 访问控制错误漏洞
Medical Management System is a pharmacy management system developed by zhuozou. There is an access control vulnerability in Medical Management System, which stems from insecure permission settings, potentially allowing any user to reset their password...
Trog::TOTP 安全特征问题漏洞
Trog::TOTP is a Perl module developed by TEODESIAN’s individual developers, which supports time-based one-time password generation and two-factor authentication. Versions of Trog::TOTP prior to 1.006 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Pe...
AMD Ryzen 安全漏洞
The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have security vulnerabilities, which stem from buffer overflow attacks. These vulnerabilities may allow local attackers to write beyond the bounds of the system, resulting in...
AMD Chipset 安全漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities; these vulnerabilities stem from the lack of checking return values, which may allow attackers to read or modify arbitrary addresses, resulting in losses related...
WordPress plugin Quick Playground 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Schlix CMS 代码注入漏洞
Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. Version 2.2.6-6 of Schlix CMS has a code injection vulnerability. This vulnerability stems from a remote code execution issue, allowing authenticated attackers to execute arbitrary P...
AMD多款产品 安全漏洞
The AMD Instinct MI210 and AMD Instinct MI250 are both GPU acceleration cards developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper handling of insufficient permissions, which may allow attackers to provide...
Rapid7 Metasploit Pro 访问控制错误漏洞
Rapid7 Metasploit Pro is a penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has a access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...
AMD Chipset 安全漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities, which stem from incorrect default permissions. These vulnerabilities could allow attackers to gain elevated privileges and execute arbitrary code...
AMD多款产品 缓冲区错误漏洞
The AMD Instinct MI300A is a GPU acceleration card developed by American semiconductor company AMD. Several AMD products have a buffer error vulnerability, which stems from out-of-bounds read operations. This vulnerability may allow authorized attackers to access a small portion of memory beyond...
WordPress plugin Classified Listing – AI-Powered Classified ads & Business Directory Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
vorbis-tools 安全漏洞
Vorbis-tools is an open-source command-line tool developed by the Xiph.Org Foundation for creating and playing Ogg Vorbis files. Version 1.4.3 of vorbis-tools contains a security vulnerability. This vulnerability stems from the remotethread function in the ogg123 tool, which experiences a stack...
oinone-pamirs 代码问题漏洞
Oinone-Pamirs is an AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains code vulnerabilities. These vulnerabilities stem from the XML parsing logic based on XStream. When attacker-controlled XML is passed to the framework’s parsing points, such as...
Turborepo 跨站请求伪造漏洞
Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo prior to 2.9.14 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of validation of the CSRF status value on the localhost callback in t...
BlueNoteMKVI PHP Timeclock SQL注入漏洞
BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of BlueNoteMKVI PHP Timeclock contains a SQL injection vulnerability. This vulnerability stems from the loginuserid parameter in the...
WordPress plugin Form Notify 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
OpenMRS 代码注入漏洞
OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...
WordPress plugin Smartcat Translator for WPML 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin NEX-Forms – Ultimate Forms Plugin SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
AMD Chipset 缓冲区错误漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains a buffer error vulnerability, which stems from improper input validation. This vulnerability may allow local attackers to write beyond the bounds of the system, leading to an increase in...
AMD Radeon PRO V710 安全漏洞
The AMD Radeon PRO V710 is a high-performance graphics card produced by AMD, a US-based semiconductor company. The AMD Radeon PRO V710 contains a security vulnerability, which stems from improper isolation. This vulnerability may allow privileged attackers in malicious guest virtual machines to...
AMD Radeon 输入验证错误漏洞
AMD Radeon is a set of device driver and utility software developed by American semiconductor company AMD, used for Advanced Micro Devices graphics cards and GPUs. AMD Radeon has a vulnerability related to input validation. This vulnerability arises from improper validation, which may allow...
Vim 操作系统命令注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim. Prior to Vim 9.2.0479, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the use of the shellescape tartail for constructing commands when the tarVimuntar function decompress...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.3 contained security vulnerabilities. These vulnerabilities stemmed from the POST /api/v1/notes/id/pin endpoint performing write operations but only checking read...
AMD多款产品 缓冲区错误漏洞
The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. Several AMD products have a buffer error vulnerability, which stems from improper input validation. This vulnerability may allow local attackers to read data beyond its scope, resulting in information...
DHTMLX Gantt 路径遍历漏洞
DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...
AMD Processors 资源管理错误漏洞
AMD Processors are a series of processors developed by American semiconductor company AMD. There is a resource management vulnerability in AMD Processors, which stems from improper input validation. This vulnerability may allow local attackers to trigger a reuse of freed resources, resulting in...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from the unlimited binding of IP addresses. This vulnerability could allow remote attackers to make unauthorized changes to G...
Turborepo 代码问题漏洞
Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo from 1.1.0 to 2.9.14 contained code vulnerabilities. These vulnerabilities stemmed from the package manager executing yarn --version during detection, which could lead to the loadin...
AMD RAID Driver 安全漏洞
The AMD RAID Driver is a low-level hardware driver developed by American semiconductor company AMD. The AMD RAID Driver contains a security vulnerability, which stems from improper input validation. This vulnerability may allow attackers to target any memory location, potentially leading to...
phpMyFAQ SQL注入漏洞
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 had an SQL injection vulnerability. This vulnerability stems from the SQL injection in the CurrentUser::setTokenData function, which could allow authenticated attackers to execu...
Gitsign 信任管理问题漏洞
Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign prior to 0.16.0 contained a trust management vulnerability. This vulnerability stemmed from the fact that gitsign verify and gitsign verify-tag re-encoded the...
Fujitsu Musetheque V4 跨站请求伪造漏洞
Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site...
Microsoft Edge 输入验证错误漏洞
Microsoft Edge is a web browser included with Windows 10 and later versions of the Microsoft operating system. There is a vulnerability in input validation of Microsoft Edge. Attackers can exploit this vulnerability to bypass certain features...
WordPress plugin Notify Odoo 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from insufficient parameter cleaning. This vulnerability could allow attackers to send a corrupted...
Podcast Generator 跨站脚本漏洞
Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.1 of Podcast Generator has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow authenticated attackers to inject...
WordPress plugin The7 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
coreMQTT Client Library 缓冲区错误漏洞
The coreMQTT Client Library is a lightweight client communication library developed under the FreeRTOS open source project. Versions of the coreMQTT Client Library prior to 5.0.1 contained a buffer error vulnerability. This vulnerability stems from the lack of boundary validation in the MQTT v5.0...