195539 matches found
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.0 to 18.9.7, 18.10...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 9.0 to 18.9.7, a...
Yordam Library Automation System 安全漏洞
Yordam Library Automation System is an application developed by Yordam Corporation. Versions of the Yordam Library Automation System from v.21.6 to v.22.1 had security vulnerabilities. These vulnerabilities were caused by user-controlled keys that allowed unauthorized access to authorization...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...
HRConvert2 操作系统命令注入漏洞
HRConvert2 is a self-hosted, drag-and-drop file conversion and sharing tool developed by Justin Grimes. Versions of HRConvert2 prior to 3.3.8 had an operating system command injection vulnerability. This vulnerability stemmed from the sanitizeString function not filtering escaped quotes and tabs,...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from an unlimited file upload feature in the plugin...
Cisco Catalyst SD-WAN Manager和Cisco Catalyst SD-WAN Controller 授权问题漏洞
Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage and Cisco Catalyst SD-WAN Controller are both products of the American company Cisco. Cisco Catalyst SD-WAN Manager is a highly customizable dashboard that can simplify and automate the deployment, configuration, management, and operation of Cisc...
soundcloud-rpc 输入验证错误漏洞
soundcloud-rpc is a music client developed by Richard Habitzreuter, which supports Discord state synchronization and ad blocking. Versions of soundcloud-rpc prior to 0.1.8 had a vulnerability related to input validation errors. This vulnerability stemmed from the execution of song titles containi...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE from 15.1 ...
WordPress plugin Meta Field Block 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Foscam VD1 Video Doorbell 安全漏洞
The Foscam VD1 Video Doorbell is a smart video doorbell from the American company Foscam, capable of supporting high-definition video surveillance and two-way voice communication. Versions of the Foscam VD1 Video Doorbell prior to V5.3.131072 contained security vulnerabilities. These...
PostgreSQL 安全漏洞
PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Vulnerabilities existed in versions prior to PostgreSQL 18.4,...
Gotenberg 代码问题漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained code vulnerabilities. These vulnerabilities stemmed from the Chromium URL-to-PDF endpoint, which lacked defaul...
OneDev 路径遍历漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...
Katalyst Koi 代码问题漏洞
Katalyst Koi is an open-source framework developed by Katalyst Interactive for building and managing backend features. Versions of Katalyst Koi prior to 4.20.0 and 5.6.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the administrator session cookie did not expir...
AMD Processors 安全漏洞
AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from improper permission management. These vulnerabilities could allow attackers to exchange tokens and download sensitive keys, enabling...
Universal Tool Calling Protocol 操作系统命令注入漏洞
Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained a vulnerability related to operating system command injection. This vulnerability stemmed from the substituteutcpargs method...
PyTorch Lightning 安全漏洞
PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...
Tuist 安全漏洞
Tuist is an open-source platform for team collaboration and performance optimization in Swift application development. Tuist versions 1.180.8 and earlier have security vulnerabilities. These vulnerabilities stem from the DELETE endpoint not verifying whether the preview belongs to an item within...
ex_webrtc 信任管理问题漏洞
exwebrtc is an open-source WebRTC library based on Elixir language, developed by Elixir WebRTC. Versions of exwebrtc prior to 0.15.1 and 0.16.1 contained a trust management vulnerability. This vulnerability stemmed from the lack of peer certificate fingerprint verification in the DTLS client role...
ZITADEL 注入漏洞
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 2.71.11 up to 3.4.10, as well as version 4.15.0, had a vulnerability related to injection attacks. This vulnerability stemmed from improper escaping of user-provided...
Tuist 安全漏洞
Tuist is an open-source platform for team collaboration and performance optimization in Swift application development. Versions of Tuist prior to 1.180.10 contained security vulnerabilities. These vulnerabilities stemmed from the lack of server-side rate limiting in the forgot password process,...
MCP Registry 安全漏洞
MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.9 contained security vulnerabilities. These vulnerabilities stemmed from OCI ownership verification skipping tag matching checks during HTTP 429 requests, which...
Guardian 访问控制错误漏洞
Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.1 and earlier contained an access control vulnerability. This vulnerability stemmed from a authentication bypass in the GET /api/v1/demo/registered-users endpoint, which cou...
MCP Registry 代码问题漏洞
MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.7 contained code vulnerabilities. These vulnerabilities stemmed from HTTP-based namespace verification, which used safeDialContext to dial private/internal...
Crabbox 代码注入漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained a code injection vulnerability. This vulnerability stemmed from a lax list of allowed environment variables, allowing attackers who access...
MCP Registry 代码问题漏洞
MCP Registry is an open-source MCP server application store developed by Model Context Protocol. Versions of MCP Registry prior to 1.7.6 contained code-related vulnerabilities. These vulnerabilities stemmed from the OIDC process on both the client and server sides being tied only to a global...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from...
OpenImageIO 安全漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained security vulnerabilities. These vulnerabilities were caused by...
OpenImageIO 输入验证错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a input validation vulnerability. This vulnerability stemmed from the...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the RLE...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the...
Silicon Labs RS9116 SDK 安全漏洞
Silicon Labs RS9116 SDK is an embedded development toolkit developed by Silicon Labs Corporation for wireless connectivity modules. The Silicon Labs RS9116 SDK has a security vulnerability, which stems from the time limit of HRNG when power saving mode is enabled, resulting in predictable values...
Fleet 操作系统命令注入漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a...
Fleet 输入验证错误漏洞
Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Prior to Fleet 4.81.0, there was a vulnerability relate...
SiYuan 跨站脚本漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability occurred because the Bazaar marketplace rendered field names and version fields without proper HTML escaping, whi...
SiYuan 授权问题漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for the POST /api/tag/getTag endpoint, which cou...
Live Helper Chat 安全漏洞
Live Helper Chat is an open-source plugin developed by Live Helper Chat developers, designed to provide chat functionality for web platforms. Version 4.84 of Live Helper Chat contains a security vulnerability. This vulnerability stems from the REST API chat update endpoint, which allows users to...
Gradient 访问控制错误漏洞
Gradient is a modern Nix continuous integration system developed by Wavelens. Version 1.1.0 of Gradient contains an access control vulnerability caused by unvalidated registration credentials. This vulnerability allows attackers to register as working nodes and access arbitrary storage paths...
nuxt-og-image 代码问题漏洞
nuxt-og-image is a tool developed by Nuxt Modules for generating social media previews for Nuxt applications. Versions of nuxt-og-image from 6.2.5 to 6.4.9 had code issues and vulnerabilities. These vulnerabilities stemmed from an incomplete blocklist for the isBlockedUrl function, which could le...
SiYuan 跨站脚本漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the tooltip handler not properly escaping the aria-label attribute, which could lead to cross-site...
Note Mark 输入验证错误漏洞
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark from 0.13.0 to 0.19.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of cleaning and validation of asset file names, which could lead to...
Strapi 路径遍历漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi from 4.0.0 to 5.37.0 had a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of query parameters when filtering content using relationship fields...
Strapi 代码问题漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.33.3 had code vulnerabilities. These vulnerabilities stemmed from a flaw in the Content API endpoint of the Upload plugin, which did not enforce the MIME type...
Strapi SQL注入漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...
hatchet 安全漏洞
Hatchet is an open-source backend task and AI workflow orchestration engine developed by Hatchet. Versions of Hatchet prior to 0.83.39 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization instructions for the GET /api/v1/stable/dags/tasks endpoint,...
Mongoose 注入漏洞
Mongoose is an open-source MongoDB object modeling framework developed by Automattic. It is designed to work in asynchronous environments. Prior to versions 6.13.9, 7.8.9, 8.22.1, and 9.1.6, Mongoose had an injection vulnerability. This vulnerability stemmed from bypassing the sanitizeFilter quer...
Distribution 安全漏洞
Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from bypassing the storage.delete.enabled: false...
Valtimo 日志信息泄露漏洞
Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions 12.4.0 to 12.33.0 and 13.26.0 of Valtimo have a vulnerability related to log information leakage. This vulnerability stems from the LoggingRestClientCustomizer automatical...
Nextcloud News app 代码问题漏洞
The Nextcloud News app is an RSS/Atom news aggregator developed by Nextcloud as open source. Versions of the Nextcloud News app prior to 28.3.0-beta.1 contained code vulnerabilities. These vulnerabilities stemmed from the lack of verification of the feed URL provided by users, which could lead to...