195539 matches found
Adobe InCopy 安全漏洞
Adobe InCopy is a text editing software for creative purposes developed by Adobe, Inc. Versions of Adobe InCopy such as 21.3, 20.5.3, and earlier versions have security vulnerabilities. These vulnerabilities stem from heap buffer overflow exploits, which could allow arbitrary code to execute with...
Spring Framework 访问控制错误漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions 5.3.0 to 5.3.48 of the Spring Framework contain a security access control vulnerability. This vulnerability arises from potential security bypasses when using the Kotlin Router DSL...
Microsoft Office Excel 竞争条件问题漏洞
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute arbitrary code on the system...
WordPress plugin WP ApplicantStack Jobs Display 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Tenda O3 Wireless Router 安全漏洞
The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. Version 1.0.0.54180 of the Tenda O3 Wireless Router contains a security vulnerability. This vulnerability stems from a stack overflow in the domain parameter within the fromNetToolGet function, which could allow...
Microsoft Windows NTLM 日志信息泄露漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. Microsoft Windows NTLM has a vulnerability that allows for information leakage. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are...
Huawei EMUI和Huawei HarmonyOS 授权问题漏洞
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. There are authorization...
Apache Airflow 路径遍历漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a path traversal vulnerability in the Apache...
NETGEAR Routers 输入验证错误漏洞
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who have passed authentication to make...
Microsoft Windows Telephony Server 竞争条件问题漏洞
Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There are vulnerabilities related to competition conditions in Microsoft...
389 Directory Server 缓冲区错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a buffer error vulnerability, which stems from the LDIF parser’s tendency to read from the end of the heap buffer when processing attribute typ...
Dell/Alienware Purchased Apps 后置链接漏洞
Dell/Alienware Purchased Apps is a pre-installed software management tool developed by the American company Dell. Versions of Dell/Alienware Purchased Apps prior to 1.1.32.0 contained a backlink vulnerability. This vulnerability stemmed from improper link resolution before file access, which coul...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from insufficie...
Schneider Electric Data Center Expert 代码问题漏洞
Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...
Apptha Slider Gallery SQL注入漏洞
Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery has a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the albid parameter, which may allow unauthenticated attacker...
VMware Spring Framework 代码问题漏洞
VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain code vulnerabilities. These...
NETGEAR Routers 输入验证错误漏洞
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who are connected to the local network and hav...
DBI 缓冲区错误漏洞
DBI is a Perl database interface tool developed under the open-source license of perl5-dbi. Versions of DBI prior to 1.648 contained a buffer error vulnerability. This vulnerability stemmed from the lack of length limitation when error messages were written into a 200-byte buffer, which could lea...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
VMware Spring HATEOAS 安全漏洞
VMware Spring HATEOAS is a REST API hypermedia development framework provided by the American company VMware. Vulnerabilities exist in versions 1.5.0 to 1.5.6, 2.3.0 to 2.3.4, 2.4.0 to 2.4.1, 2.5.0 to 2.5.2, and 3.0.0 to 3.0.3 of VMware Spring HATEOAS. These vulnerabilities stem from the...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to S1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/sftp/uploadFiles endpoint...
Microsoft Windows SDK 数字错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows 11...
Adobe Experience Manager Forms 跨站脚本漏洞
Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integration analysis. The Adobe Experience...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from type confusion. This...
Hermes Web UI 操作系统命令注入漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.311 contained a vulnerability related to operating system command injection. This vulnerability stemmed from a problem with remote code execution, which could allow...
Microsoft Windows Kernel 资源管理错误漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There is a resource management vulnerability in the Microsoft Windows Kernel. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...
Microsoft Remote Desktop Client 资源管理错误漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Remote Desktop Client. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 10...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Azure 资源管理错误漏洞
Microsoft Azure is an open enterprise-level cloud computing platform provided by the American company Microsoft. There is a resource management vulnerability in Microsoft Azure. Currently, there is no information regarding this vulnerability. Please stay informed by following CNNVD or the vendor’...
Skilja Vinna Process Monitor 跨站脚本漏洞
Skilja Vinna Process Monitor is a business process monitoring platform developed by Skilja Corporation. The Skilja Vinna Process Monitor 4.0 Service Pack 1 version contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting flaw, which could...
Omnissa Workspace ONE Assist for macOS 路径遍历漏洞
Omnissa Workspace ONE Assist for macOS is an enterprise remote assistance client developed by the American company Omnissa. Omnissa Workspace ONE Assist for macOS has a path traversal vulnerability, which stems from issues with local privilege escalation...
Adobe InDesign Desktop 安全漏洞
Adobe InDesign Desktop is a professional desktop publishing software, primarily used for page design, printing, and digital publishing. Adobe InDesign Desktop has a heap buffer overflow vulnerability, which stems from improper handling of certain file data, leading to out-of-bound writes to the...
Microsoft Windows Kernel 缓冲区错误漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...
Microsoft Nuance PowerScribe 360 反序列化漏洞
Microsoft Nuance PowerScribe is a medical speech recognition and report generation system for radiologists developed by Microsoft. There are code-related vulnerabilities in Microsoft Nuance PowerScribe. Attackers can exploit these vulnerabilities to execute code remotely. The following products a...
VMware Spring Framework 代码问题漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. VMware Spring Framework versions 7.0.0 and earlier, as well as 6.2.0 and earlier, have code vulnerabilities. These vulnerabilities...
Microsoft Windows DHCP Server 缓冲区错误漏洞
Microsoft Windows DHCP Server is a core service of the American company Microsoft, used for automatically retrieving network configuration information. There is a buffer error vulnerability in Microsoft Windows DHCP Server. Attackers can exploit this vulnerability to obtain sensitive information...
SAP NetWeaver AS Java 跨站脚本漏洞
SAP NetWeaver AS Java is a platform system developed by the German company SAP. SAP NetWeaver AS Java has a cross-site scripting vulnerability, which stems from reflective cross-site scripting and may allow malicious scripts to be executed...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function, which could allow attackers to cause...
NETGEAR Routers 输入验证错误漏洞
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a vulnerability related to input validation. This vulnerability stems from insufficient authentication and input validation, which may allow unauthorized users on the local network to...
Microsoft Win32k 数字错误漏洞
Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There is an input validation vulnerability in Microsoft Win32k-GRFX. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 10 Version...
FreeSWITCH 授权问题漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was an...
Microsoft Windows 权限许可和访问控制问题漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a access control vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are affected: Windows 11...
Huawei HarmonyOS 信息泄露漏洞
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. HUAWEI HarmonyOS has a vulnerability related to information leakage, which stems from the permission control of the file previ...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless experiences across devices and memory management capabilities. There is an access control vulnerability in the package management module of Huawei HarmonyOS. The cause of this...
Spring Framework 资源管理错误漏洞
The Spring Framework is an application development framework developed by Spring in open source. Vulnerabilities related to resource management exist in versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework. These vulnerabilities stem from potentia...
Microsoft DWM Core Library 资源管理错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a resource management vulnerability in the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
FastApiAdmin 跨站脚本漏洞
FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by fastapiadmin. Version 2.2.0 of FastApiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the /system/notice/create endpoint, which has a cross-site scripting vulnerability relate...
WordPress plugin Simply Poll SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Microsoft DWM Core Library 资源管理错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a resource management vulnerability in the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...