195539 matches found
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.30.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability to bypass the blacklist for ExifTool...
Gotenberg 操作系统命令注入漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient...
DevSpace 信息泄露漏洞
DevSpace is a client developer tool for cloud-native development using Kubernetes, developed by DevSpace Inc. Versions prior to DevSpace 6.3.21 contained an information leakage vulnerability. This vulnerability stemmed from the UI server’s WebSocket feature, which accepts connections from all...
MagicMirror 代码问题漏洞
MagicMirror is an open-source modular smart mirror platform developed by MagicMirror. Versions of MagicMirror prior to 2.36.0 had code vulnerabilities. These vulnerabilities stemmed from unauthorized server-side request forgery through the /cors endpoint, which could allow any remote attacker to...
Flowsint 跨站脚本漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from node descriptions containing arbitrary HTML, allowing remote attackers to create nodes with...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw where only whether the tag was “FileName”...
vCluster Platform 跨站脚本漏洞
vCluster Platform is an open-source virtual cluster manager developed by vCluster. Versions prior to vCluster Platform 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type cross-site scripting in the name field of the...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the Base::init function being repeatedly called ...
Apache Commons 安全漏洞
Apache Commons is an Apache project focused on reusable Java components, developed by the Apache Foundation in the United States. There were security vulnerabilities in versions of Apache Commons from 2.2 to 2.15.0. These vulnerabilities stemmed from uncontrolled recursion when processing YAML...
simdjson 输入验证错误漏洞
Simdjson is an open-source, high-performance JSON parsing library developed by Simdjson. Versions of Simdjson prior to 4.6.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the stringbuilder::escapeandAppend function, which had an integer overflow whe...
WordPress plugin MW WP Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin My Calendar – Accessible Event Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Spring Cloud AWS 数据伪造问题漏洞
Spring Cloud AWS is an open-source development framework from awspring, designed for integration with AWS cloud services within the Spring ecosystem. Versions 3.0.0 to 4.0.1 of Spring Cloud AWS contain a data manipulation vulnerability. This vulnerability stems from the lack of validation of the...
Vvveb 跨站脚本漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the Signup::addUser controller in the customer registratio...
Plug 安全漏洞
Plug is an open-source web application middleware and connection specification library developed by elixir-plug, targeting the Elixir ecosystem. Versions of Plug prior to 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2 contain security vulnerabilities. These vulnerabilities stem from unlimited buffer...
SOGo SQL注入漏洞
SOGo is a very fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Versions of SOGo prior to 5.12.7 had an SQL injection...
java-webauthn-server 安全漏洞
java-webauthn-server is a Java server-side web authentication library developed by Yubico. There were security vulnerabilities in versions of java-webauthn-server from 2.8.0 to 2.8.2. These vulnerabilities stemmed from incorrect check functions that accessed return values during the second-factor...
OpenImageIO 缓冲区错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from a signe...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions of GitLab CE/EE between 18...
Akıllı E-Commerce Website 安全漏洞
Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained security vulnerabilities. These vulnerabilities were caused by an authorization...
Strapi 安全漏洞
Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 5.45.0 contained security vulnerabilities. These vulnerabilities stemmed from a rate-limiting mechanism in the users-permissions plugin, which derived rate-limiting keys...
WordPress plugin Fluent Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Database Backup for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Essential Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
KDDI あんしんフィルター for au 安全漏洞
KDDI AnShin Filter for au is a content filtering and parental control service provided by the KDDI company for mobile devices. KDDI AnShin Filter for au has a security vulnerability. This vulnerability stems from the transmission of sensitive information in plaintext, which may allow intermediate...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of sensitive information being included in URL parameters, potentially leading to leaks through browser history, logs, or intermediate syste...
OpenImageIO 输入验证错误漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a vulnerability related to input validation errors. This vulnerabilit...
Crabbox 授权问题漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained an authorization vulnerability. This vulnerability stemmed from an authentication bypass, allowing non-administrator token callers to impersona...
Nerdbank.MessagePack 安全漏洞
Nerdbank.MessagePack is a .NET platform-specific MessagePack serialization library developed by Andrew Arnott. Versions of Nerdbank.MessagePack prior to 1.1.62 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled stack allocation during DateTime decoding. Malicious...
WordPress plugin Motors 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
SiYuan 跨站脚本漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan from 2.1.12 to 3.7.0 had a cross-site scripting vulnerability. This vulnerability stemmed from unescaped metadata in the Bazaar marketplace rendering packages, which could lead to storage-based...
OpenBao 安全漏洞
OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 contained security vulnerabilities. These vulnerabilities arose from failures in deleting the initial namespace; subsequent retries failed to properly delete all data, potentially...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...
GitLab 代码问题漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were code-related vulnerabilities in versions of GitLab EE betwee...
gst-plugins-good 数字错误漏洞
GStreamer-plugins-good is a GStreamer plugin developed under open source. Versions of GStreamer-plugins-good prior to 1.28.2 contained a numerical error vulnerability. This vulnerability stemmed from the qtdemuxaudiocaps function in the isomp4 plugin, which did not properly validate atomic data...
Verint Verba 跨站脚本漏洞
Verint Verba is an enterprise-level compliance communication recording and interaction archiving platform developed by Verint Corporation in the United States. Verint Verba has a cross-site scripting vulnerability. This vulnerability stems from a lack of input sanitization in the login logging...
Akıllı E-Commerce Website SQL注入漏洞
Akıllı E-Commerce Website is an e-commerce website system developed by the Turkish company Akıllı, aimed at online retail and digital sales scenarios. Versions of Akıllı E-Commerce Website prior to 4.5.001 contained a SQL injection vulnerability. This vulnerability stemmed from improper...
WordPress plugin WP Encryption 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.3 contained a cross-site...
STIGQter 路径遍历漏洞
STIGQter is a compliance checklist generation and reporting tool developed by Jon Hood. Versions of STIGQter from 0.1.2 to 1.2.7 contained a path traversal vulnerability. This vulnerability occurred when processing malicious.stigqter files, allowing attackers to execute local code during the user...
mdserver-web 操作系统命令注入漏洞
mdserver-web is a Linux server management panel developed by Mr. Chen. Versions 0.18.0 to 0.18.4 of mdserver-web contain an operating system command injection vulnerability. This vulnerability stems from the lack of authentication for the /modifycrond and /starttask interfaces, which may allow...
Yordam Library Automation System 代码注入漏洞
Yordam Library Automation System is an application developed by Yordam Corporation. Versions of Yordam Library Automation System from v.19.5 to v.22.1 had a code injection vulnerability. This vulnerability stemmed from improper control over code generation, which could allow remote code to be...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from incorrect configuration of certain security-related HTTP response headers. This issue may reduce the effectiveness of browser-based security controls and...
SiYuan 授权问题漏洞
SiYuan is an open-source personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.7.0 had an authorization issue vulnerability. This vulnerability stemmed from the lack of administrator and read-only permission checks for 8 API endpoints, which could lead to...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of adequate brute-force attack protection measures. This vulnerability may lead to repeated authentication attempts, potentially resulting in...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of exposing sensitive details related to backend infrastructure. This could lead to the disclosure of internal system architecture or...
WordPress plugin CC Child Pages 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站请求伪造漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE from 11.10 to 18.9.7, from 18.10 to 18.10.6, and...
Comarch ERP Optima 信任管理问题漏洞
Comarch ERP Optima is an ERP and financial management system for small and medium-sized enterprises developed by the Polish company Comarch. Versions of Comarch ERP Optima prior to 2026.4 contained a vulnerability related to trust management. This vulnerability stemmed from the use of hard-coded...