195539 matches found
MongoDB Server 资源管理错误漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 7.0.34, 8.0.23, 8.2.9, and 8.3.2 contain a...
Palo Alto Networks GlobalProtect app 代码问题漏洞
The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a code vulnerability that stems from multiple local privilege escalation issues. This vulnerability allows local users to elevate their privileges to Windows’ NT...
Palo Alto Networks Prisma Access Agent 安全漏洞
Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent, which stems from issues with the permission management mechanism. This vulnerability allows...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...
WordPress plugin Custom Twitter Feeds 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
F5 BIG-IP和F5 BIG-IQ 命令注入漏洞
F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...
Palo Alto Networks PAN-OS 跨站脚本漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. Palo Alto Networks PAN-OS has a cross-site scripting vulnerability, which stems from a storage-based cross-site scripting issue. This vulnerability could allow malicious authenticated...
WordPress plugin Snow Monkey Blocks 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Blog2Social 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin RTMKit Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...
F5 BIG-IP和F5 BIG-IQ 代码问题漏洞
F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...
ELECOM WRC和ELECOM WAB 安全漏洞
ELECOM WRC and ELECOM WAB are products of the Japanese company ELECOM. ELECOM WRC is a home-use network camera. ELECOM WAB is a series of wireless access points. Both ELECOM WRC and ELECOM WAB have security vulnerabilities. These vulnerabilities stem from the use of hardcoded encryption keys to...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...
Gerrit 安全漏洞
Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...
SAMSUNG System Support Service 安全漏洞
SAMSUNG System Support Service is a support component for Samsung devices provided by the South Korean company Samsung. Versions of SAMSUNG System Support Service prior to 8.0.8.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, and could allow...
F5 BIG-IP 代码问题漏洞
F5 BIG-IP is an application delivery platform developed by F5 Corporation in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a code vulnerability in F5 BIG-IP. This vulnerability arises when configuring...
WordPress plugin WOOD Products Filter for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Hostinger Reach 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the plugin resource endpoints’ ability to read the entire request body into memory, leading to unlimited memory allocation. This could potentially cause...
MISP modules 跨站请求伪造漏洞
MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...
CubeCart SQL注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from a time-based blind SQL injection in the sorting parameters, which could allow attackers to execute arbitrary SQL...
Palo Alto Networks Chronosphere Chronocollector 安全漏洞
Palo Alto Networks Chronosphere Chronocollector is a cloud-native telemetry data collection component developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Chronosphere Chronocollector, which stems from an information leakage issue. This vulnerability may allow...
Arqit Symmetric Key Agreement Platform 安全漏洞
The Arqit Symmetric Key Agreement Platform is a quantum-safe key negotiation platform developed by Arqit Corporation. Versions prior to 26.03 of the Arqit Symmetric Key Agreement Platform contained security vulnerabilities. These vulnerabilities stemmed from exposing the Keycloak management...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the fact that the editor can delete any comments, even without read-only privileges...
CubeCart 代码问题漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had code vulnerabilities. These vulnerabilities stemmed from the REST API file manager endpoint, which allowed users with API keys to upload PHP source files to web-accessible directories...
F5 BIG-IP 操作系统命令注入漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a vulnerability related to operating system command injection. This...
quark-auto-save 安全漏洞
Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...
CubeCart 代码注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from authenticated server-side template injections in multiple modules. The application insecurely evaluated inputs provided by...
Netty 安全漏洞
Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty from 4.2.0.Final to 4.2.13.Final contain security vulnerabilities. These vulnerabilities ste...
F5 BIG-IP 缓冲区错误漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a buffer error vulnerability, which stems from virtual servers configured...
protobuf.js 操作系统命令注入漏洞
protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions of protobuf.js prior to 1.2.1 and 2.0.2 h...
CKAN 信任管理问题漏洞
CKAN is an open-source data management system developed by CKAN contributors. It is used to power data centers and data portals. Versions of CKAN prior to 2.10.10 and 2.11.5 contained a trust management vulnerability. This vulnerability stemmed from the possibility that the configured SMTP server...
WordPress plugin RTMKit Addons for Elementor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities, which were caused by improper handling of insufficient permissions. Thes...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 15.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities arise when the App Router relies on middleware or proxy authorization checks. Specific route variants are used fo...
protobuf.js 代码注入漏洞
protobuf.js is an open-source implementation of the Protocol Buffers format, written entirely in JavaScript. It supports Node.js and browsers running TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files! Versions of protobuf.js prior to 1.2.1 and 2.0.2 had...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js prior to 15.5.16 and 16.2.5 have a security vulnerability. This vulnerability arises from using the Partial Prerendering feature of Cache Components. A specially crafted POST request to the server can lead to connection...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform developed by F5 Networks in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability stems from virtual serve...
F5 BIG-IP 命令注入漏洞
F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a command injection vulnerability. This vulnerability stems from the fact...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which allows any editor to delete any snapshot, even without read/write privileges...
Palo Alto Networks Prisma Browser 代码问题漏洞
Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a code vulnerability in Palo Alto Networks Prisma Browser, which stems from a race condition issue. This vulnerability may allow non-administrative users with local access to bypass...
Flight 路径遍历漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the editor’s ability to overwrite dashboards that it does not own. This could potentially lead to obtaining administrator privileges on specific dashboard...
Astro 安全漏洞
Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.10 contained security vulnerabilities. These vulnerabilities stemmed from the use of AES-GCM encryption to protect server island attributes and slot parameters, where the ciphertext was not...
Joomsky Joomla J2 JOBS SQL注入漏洞
Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Corporation. Version 1.3.0 of Joomsky Joomla J2 JOBS contains an SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers...
Palo Alto Networks PAN-OS 操作系统命令注入漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in PAN-OS related to command injection. This vulnerability stems from multiple command injections, which may allow authenticated administrators to bypass system...
Claude Code 后置链接漏洞
Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...
ShellHub 输入验证错误漏洞
ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the device list endpoint accepting user-controlled identifiers as...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from vulnerabilities in SQL expressions. This vulnerability could allow authenticated attackers to read arbitrary files from the Grafana server’s file system...