195539 matches found
Vvveb 跨站脚本漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.1 had a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the author field in comment...
Gitsign 输入验证错误漏洞
Gitsign is a tool developed by Gitsign’s developers that allows for signing Git commits without the need for a key. Versions of Gitsign from 0.4.0 to 0.15.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from the CertVerifier.Verify method, which...
magento-lts 安全特征问题漏洞
Magento LTS is an open-source alternative to OpenMage, designed as a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities. These vulnerabilities stemmed from the XML-RPC/SOAP API session IDs using time-based, outdated...
smtp-server 资源管理错误漏洞
smtp-server is an open-source Node.js module developed by nodemailer, used to create SMTP and LMTP server instances. Versions of smtp-server prior to 3.18.3 contained a resource management vulnerability. This vulnerability stemmed from issues with the SMTPStream.write and lib/smtp-stream.js...
Imager::File::GIF 缓冲区错误漏洞
Imager::File::GIF is a Perl image module developed by Tony Cook, which supports the reading, writing, and processing of GIF images. Versions of Imager::File::GIF 1.002 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the ireadgifmultilow function, which allocate...
Radare2 资源管理错误漏洞
Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Version 6.1.5 of Radare2 contains a resource management vulnerability. This vulnerability stems from the reuse of resources after they are released in the gdbrthreadslist function. It could allow remote attacke...
WordPress plugin WPGraphQL 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Google Cloud Application Integration 安全漏洞
Google Cloud Application Integration is a cloud-based integration platform offered by Google Inc., which supports cross-applicational connections, process orchestration, and API integration. Versions of Google Cloud Application Integration prior to version 2026-01-23 contained security...
AMD Secure Processor 安全漏洞
The AMD Secure Processor ASP is an independent ARM Coretex-A5 chip developed by the American semiconductor company AMD. The AMD Secure Processor ASP has a security vulnerability that stems from improper input validation. This vulnerability may allow local attackers to create buffer overflow...
AMD Chipset 安全漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities. These vulnerabilities stem from the ability to execute code within non-SMM trustable memory. This could allow high-privilege attackers to trigger the execution ...
DHTMLX Gantt 操作系统命令注入漏洞
DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Prior to version 0.7.6, DHTMLX Gantt had an operating system command injection vulnerability. This vulnerability stemmed from a lack of da...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver. This vulnerability stems from concurrent asynchronous access to the global variable amdgvcmd during the ioctl path, which leads to race...
oinone-pamirs 命令注入漏洞
Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...
AMD Chipset 安全漏洞
The AMD Chipset is a series of chips developed by American semiconductor company AMD. The AMD Chipset contains security vulnerabilities; these vulnerabilities stem from the use of uninitialized resources, which may allow attackers to access uninitialized kernel memory, resulting in losses related...
AMD Graphics Driver 缓冲区错误漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver contains a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing local users to gain elevated privileges through remote code execution...
AMD Ryzen 缓冲区错误漏洞
The AMD Ryzen is a central processing unit CPU developed by American semiconductor company AMD. The AMD Ryzen has a buffer error vulnerability, which stems from out-of-bounds reading. This vulnerability could allow malicious local attackers with low privileges to cause losses related to...
Delphix Continuous Data 操作系统命令注入漏洞
Delphix Continuous Data is a platform from the American company Delphix that supports data virtualization, continuous data delivery, and database environment management. Delphix Continuous Data has a vulnerability related to operating system command injection, which stems from improper input...
Huawei HarmonyOS 授权问题漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has vulnerabilities related to authorization control, which may affect the confidentiality of services...
Open WebUI 代码问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 had code vulnerabilities. These vulnerabilities stemmed from the processpictureurl function, which extracted arbitrary URLs from OAuth image claims without...
Cockpit CMS 跨站脚本漏洞
Cockpit CMS is an open-source headless content management system developed by Cockpit. Versions of Cockpit CMS 2.14.0 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the use of the $interpolate function in template strings within the Display template options,...
Huawei EMUI和Huawei HarmonyOS 缓冲区错误漏洞
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...
Tabby 安全漏洞
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby Terminus prior to version 1.0.233 contain security vulnerabilities. These vulnerabilities stem from the lack of escaping control characters when draggin...
Huawei EMUI和Huawei HarmonyOS 安全漏洞
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from the issue of reusing freed resources after release. This...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the open-source Open WebUI framework. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the ydoc:document:update Socket.IO event handler, which checke...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Utils::parseUrl function, which allowed authenticated users to inject JavaScript through...
GitHub CLI 安全漏洞
GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from the lack of cleaning terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...
libjwt 加密问题漏洞
LibJWT is a C-language library developed by Ben Collins, designed for generating and verifying JSON Web Tokens. Versions 3.0.0 to 3.3.2 of LibJWT contain vulnerabilities related to encryption. These vulnerabilities arise from accepting RSA JWKs without an alg parameter as the verification key for...
WWW::Mechanize::Cached 代码问题漏洞
WWW::Mechanize::Cached is an open-source module developed by libwww-perl for the Perl language, serving as an extension to WWW::Mechanize. Versions of WWW::Mechanize::Cached prior to version 2.00 contained code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize HTTP...
Traefik 访问控制错误漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in Huawei HarmonyOS, which stems from issues with permission control, potentially affecting the...
Tabby 操作系统命令注入漏洞
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby before 1.0.233 contained an operating system command injection vulnerability. This vulnerability stemmed from the tabby:// URL scheme handler executing ...
Apache::Session::Generate::SHA256 安全特征问题漏洞
Apache::Session::Generate::SHA256 is a session management module developed by the Apache Foundation. Versions of Apache::Session::Generate::SHA256 prior to 1.3.19 contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The use of the built-in rand...
Microsoft Edge 输入验证错误漏洞
Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a vulnerability in input validation of Microsoft Edge. Attackers can exploit this vulnerability to execute code remotely...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the backend admin/auth-token endpoint, which...
WordPress plugin WP Super Edit 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...
Open WebUI 授权问题漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the Open WebUI open source project. Versions of Open WebUI prior to 0.9.0 had an authorization vulnerability. This vulnerability stemmed from the LDAP authentication endpoint failing to verify that the submitt...
AMD Graphics Driver 访问控制错误漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver contains a access control error vulnerability, which stems from improper isolation. This vulnerability may allow malicious guest virtual machines or processes to gain...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup order in the Banner component, leading to storage-based cross-site...
Mathesar 安全漏洞
Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...
Huawei HarmonyOS 竞争条件问题漏洞
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. Huawei HarmonyOS has a vulnerability related to permission control, which may affect its usability due to issues with permissions...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a security vulnerability in HUAWEI HarmonyOS, which stems from issues with the permission control of the...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints, which accepted...
Tabby 安全漏洞
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions of Tabby prior to 1.0.232 contained security vulnerabilities. These vulnerabilities stemmed from the terminal linker not verifying protocol schemes, which could...
Turborepo 命令注入漏洞
Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from insufficient parameter cleaning. This vulnerability may allow attackers to send a format-errors...
Tabby 操作系统命令注入漏洞
Tabby Terminus is a highly configurable terminal emulator, SSH, and serial client developed by Eugene’s individual developers. Versions prior to Tabby 1.0.233 contained an operating system command injection vulnerability. This vulnerability stemmed from the automatic detection of the ZMODEM...
Open WebUI 安全漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the isuserchannelmember function, which checked whether the...