195539 matches found
CubeCart SQL注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a SQL injection vulnerability. This vulnerability occurred because the administrator’s order transaction list page constructed the original ORDER BY SQL fragment from the $GETsort array,...
EcclesiaCRM SQL注入漏洞
EcclesiaCRM is a customer relationship management software for church management, developed by the French individual phili67. Versions of EcclesiaCRM 8.0.0 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the default behavior of the ValidateInput function, which...
MISP modules 跨站请求伪造漏洞
MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...
Flight 跨站脚本漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which arises from using the timeGroup macro, potentially leading to server overload and OOM issues...
OpenTelemetry Collector Contrib 安全漏洞
OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed under OpenTelemetry - CNCF. There are security vulnerabilities in versions 0.124.0 to 0.150.0 of OpenTelemetry Collector Contrib. These vulnerabilities stem from the Authenticate method not...
Nitro 路径遍历漏洞
Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a path traversal vulnerability. This vulnerability allowed attackers to send percent-encoded paths in URLs, causing Nitro to redirect requests to...
Hermes Web UI 路径遍历漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...
Next.js 跨站脚本漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.0 to 15.5.16, as well as versions before 16.2.5, have a cross-site scripting vulnerability. This vulnerability arises when the App Router application relies on CSP nonce. A format- incorrect nonce value is derived...
vm2 代码注入漏洞
vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It runs untrusted code using built-in Node modules listed in the allowlist. In versions 3.9.6 to 3.10.5 of vm2, there was a code injection vulnerability. This vulnerability stemmed from a bridgi...
vm2 代码注入漏洞
vm2 is a high-level virtual machine/sandbox for Node.js developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability, which was due to the access to...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. There were security vulnerabilities in versions of Next.js from 12.2.0 to 15.5.16, and also in version 16.2.5. These vulnerabilities stemmed from the ability for an external client to send the x-nextjs-data header on normal requests processed by...
fast-xml-parser 安全漏洞
fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML documents without relying on C/C++-based libraries or callbacks. A security vulnerability exists in the version 1.1.5 of fast-xml-parser. This vulnerabilit...
protobuf.js 输入验证错误漏洞
protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js...
protobuf.js 安全漏洞
protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 a...
protobuf.js 安全漏洞
protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of aggregate values in the contpteptepsetaccessflags function when detecting no operation...
JupyterLab 参数注入漏洞
JupyterLab is an open-source extension for interactive and reproducible computing environments, based on Jupyter Notebooks and their architecture. Versions 4.0.0 to 4.5.6 of JupyterLab contain a parameter injection vulnerability. This vulnerability arises from improper execution of the allowlist...
Checkmk 代码问题漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.4.0p29, 2.3.0p47, and 2.2.0 contained code vulnerabilities. These vulnerabilities stemmed from permission escalation issues within the mkmysql proxy plugin on Windows, which could allow...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There were security vulnerabilities in versions prior to MongoDB Server 7.0.34,...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log information leakage,...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with the LPM component of the ST1000DM010-2EP102 hard drive. This vulnerability may...
protobuf.js 安全漏洞
protobuf.js is a pure JavaScript implementation of the protobuf.js project, open source. It provides a protocol buffer implementation that supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the luoretrievefile function. When retrieval fails, this function does not record the attempt...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nouveau/gsp driver’s use of the WARNON flag during ACPI detection, potentially triggering a...
Rancher 安全漏洞
Rancher is an open-source container management platform developed by Rancher in the United States. It is designed for organizations that deploy containers in production environments. Rancher has a security vulnerability caused by path traversal in the compressedEndpoint field within Extensions...
WordPress plugin coreActivity 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
ERPNext 代码问题漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to 15.104.3 and 16.12.0 contained code vulnerabilities. These vulnerabilities stemmed from improper restrictions on XML external entity references in the EDI...
ERPNext 安全漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to ERPNext 16.9.1 contained security vulnerabilities; these vulnerabilities stemmed from certain endpoints failing to perform appropriate authorization checks, allowing...
ERPNext 代码问题漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions prior to 15.106.0 and 16.16.0 of ERPNext contained code vulnerabilities. These vulnerabilities stemmed from the ability for malicious users to send specially crafted requests t...
quark-auto-save 跨站脚本漏洞
Quark-auto-save is a personal development tool by Cp0204, designed for automatic transfer of data to a Quark Network drive and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the v-html...
MISP SQL注入漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics, and it includes functions such as analysis of threats to network security and malware analysis. Prior to MISP 2.5.37, there was an S...
CubeCart 跨站脚本漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw, which could allow attackers with administrative privileges to inject...
CubeCart SQL注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from a time-based blind SQL injection in the sorting parameters, which could allow attackers to execute arbitrary SQL...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...
Alinto SOGo 安全漏洞
Alinto SOGo is an open-source collaboration office software developed by Alinto. Version 5.12.7 of Alinto SOGo contains a security vulnerability. This vulnerability stems from insufficient SVG content cleaning in the ICS calendar invitation files. It may allow remote attackers to execute JavaScri...
Nitro 输入验证错误漏洞
Nitro is an open-source, zero-configurable production-level server extension tool developed by Nitro. Versions prior to Nitro 3.0.260429-beta contained a vulnerability related to input validation errors. This vulnerability allowed attackers to convert wildcarded redirect rules into cross-host...
Next.js 跨站脚本漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 13.0.0 to 15.5.16, as well as versions before 16.2.5, have a cross-site scripting vulnerability. This vulnerability arises from the use of the beforeInteractive script when embedding trusted content, where the serialized...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Patrik Simek from Czech Republic. It allows running untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 have security vulnerabilities. There is currently no information regarding these...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using built-in Node.js modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from the CallSite wrapper class allowing...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 had a security vulnerability. This vulnerability stemmed from the neutralizeArraySpeciesBatch method...
vm2 安全漏洞
vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem from sandbox escape exploits, allowing...
vm2 代码注入漏洞
vm2 is a high-level virtual machine/sandbox for Node.js developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from the possibility of...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 14.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities stem from improperly partitioning response variants when using React Server Components, which can lead to cache...
fast-xml-builder 安全漏洞
fast-xml-builder is an open-source building tool developed by Natural Intelligence that converts JSON data into XML format. Versions of fast-xml-builder prior to 1.1.7 contained security vulnerabilities. These vulnerabilities occurred when input data contained quotes in attribute values, and enti...
protobuf.js 安全漏洞
protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xHCI controller failing to clear interrupts when reporting host controller errors, potentiall...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of an incorrect auxiliary function in the rt1011recvspkmodeput function to obtain DAPM...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the functions netshapernlgetdoit and netshapernlcapgetdoit. These functions incorrectly call nlmsgfree...