195539 matches found
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper implementation of CORS. This vulnerability could allow remote attackers to leak cross-origin data through specially crafted HT...
WordPress plugin WP-Redirection 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Adobe CAI Content Credentials 数字错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a digital error vulnerability, which stems from an integer underflow iss...
Intel QAT software drivers for Windows 缓冲区错误漏洞
Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a buffer error vulnerability. This vulnerability...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient network policy execution, which could allow remote attackers to leak cross-source data through specially craft...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an integer overflow issue in the Internationalization component. This vulnerability could allow remote attackers to execute out-of-boun...
WordPress plugin Bootstrap Shortcode 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
SAP S/4HANA SQL注入漏洞
SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL statements through user-controlled...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation by the GPU component, which could allow remote attackers with compromised rendering...
WordPress plugin LifePress 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Intel Connectivity Performance Suite 代码问题漏洞
Intel Connectivity Performance Suite is a software developed by Intel Corporation in the United States. It can automatically optimize a computer’s network connections, enhancing Wi-Fi performance and application response times. Versions of Intel Connectivity Performance Suite prior to...
Microsoft Azure Monitor Agent 代码问题漏洞
Microsoft Azure Monitor Agent is a monitoring agent program developed by the American company Microsoft. There are code-related vulnerabilities in Microsoft Azure Monitor Agent. Attackers can exploit these vulnerabilities to gain higher privileges...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the Media component, which could allow a remote attacker with access to the render...
SPIP 代码注入漏洞
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...
Microsoft Visual Studio Code 路径遍历漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a path traversal vulnerability. Attackers can exploit this vulnerability to obtain sensitive information...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion in the V8 component. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox throug...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability caused by the reuse of extensions after they were released. This vulnerability could allow attackers to execute arbitrary code...
SPIP 代码注入漏洞
SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability. This vulnerability stemmed from remote code execution in public spaces under certain Nginx configurations, potentially allowing arbitrary code to be...
Microsoft Windows Admin Center 安全漏洞
Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...
Microsoft Windows Print Spooler Components 竞争条件问题漏洞
The Microsoft Windows Print Spooler Component is a print background processing program component developed by Microsoft Corporation. The Microsoft Windows Print Spooler Component has vulnerabilities related to race conditions. Attackers can exploit these vulnerabilities to gain elevated privilege...
Adobe Premiere Pro 缓冲区错误漏洞
Adobe Premiere Pro is a non-linear editing video editing software developed by Adobe, a company based in the United States. Versions of Adobe Premiere Pro such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...
WordPress plugin Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings 安全漏洞
WordPress, among others, is a product of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. Effect is a software package used for adding image effects. Aaron Update is a product developed by Aaron, the individual developer behind the project. Update is a...
Microsoft Excel 缓冲区错误漏洞
Microsoft Excel is a spreadsheet software within the Office suite developed by Microsoft Corporation. There is a buffer error vulnerability in Microsoft Excel. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Office Online...
Adobe Premiere Pro 缓冲区错误漏洞
Adobe Premiere Pro is a non-linear editing video editing software developed by Adobe, a company based in the United States. Versions of Adobe Premiere Pro such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...
changedetection.io 代码问题漏洞
changedetection.io is a website-based application developed by dgtlmoon, designed for code inspection, monitoring, and notification. Versions of changedetection.io prior to 0.54.9 contained a code vulnerability. This vulnerability stemmed from the xpathfilter function not disabling external entit...
mako 路径遍历漏洞
Mako is an open-source template library written in Python by SQLAlchemy. It offers a familiar non-XML syntax, which can be compiled into Python modules for optimal performance. Prior to Mako 1.3.12, there was a path traversal vulnerability. This vulnerability stemmed from a bypass of directory...
lemur 信任管理问题漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...
lemur 注入漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a injection vulnerability. This vulnerability stemmed from the LDAP authentication module using uncleaned user input to construct LDAP search filters, which could lead to...
granian 安全漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...
granian 输入验证错误漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...
Basic FTP 资源管理错误漏洞
Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.3.1 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the size of control responses when parsing multiple lines of the FTP control channel...
vLLM 输入验证错误漏洞
vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Versions of vLLM prior to 0.6.1 to 0.20.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from token injection issues during...
ciguard 后置链接漏洞
Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. In versions 0.8.0 to 0.8.1 of Ciguard, there is a backlink vulnerability. This vulnerability stems from the discoverpipelinefiles function, which follows symbolic links when traversing the...
ciguard 安全漏洞
Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.6.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the SCa HTTP client’s use of json.loads without setting a maximum byte limit, which can...
Entra ID SSO via Microsoft Identity Broker on Linux 访问控制错误漏洞
Entra ID SSO via Microsoft Identity Broker on Linux is a browser extension developed by Siemens that enables single-sign-on on Linux devices through the Microsoft Identity Broker. Versions prior to 1.8.1 of Entra ID SSO via Microsoft Identity Broker on Linux contained an access control...
requests-hardened 代码问题漏洞
requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory deletion API endpoint, which could allow remote...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory management API endpoints, which may allow remote...
superduper 安全漏洞
Superduper is an open-source database integration AI proxy and application building tool developed by superduper.io. Versions of Superduper prior to v0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the Parseoppart function in the query parsing component, which used t...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the BaseLabeler class’s BaseLabeler.load method, which uses the unsafe...
Pytorch-Lightning 安全漏洞
PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...
Siemens RUGGEDCOM 操作系统命令注入漏洞
Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...
Siemens多款产品 代码问题漏洞
The Siemens RUGGEDCOM RM1224 is a wireless router produced by the German company Siemens. It provides data communication for roaming locations, with the capability to connect via 4G LTE and automatically fall back to 3G UMTS or EVDO cellular networks. Several Siemens products have code...
webpack-dev-server 安全漏洞
webpack-dev-server is an open-source application developed by webpack. Versions of webpack-dev-server prior to version 5.2.3 contained security vulnerabilities. These vulnerabilities stemmed from exposure to cross-origin code. When it provided services through non-potentially trusted sources, suc...
AMD EPYC Processor 安全漏洞
The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor. This vulnerability arises from improper isolation of shared resources in the CPU operation cache on Zen 2-based products...
Microsoft Windows Telephony Server 资源管理错误漏洞
Microsoft Windows Telephony Server is a component of the American company Microsoft. It supports the Telephone Application Programming Interface TAPI, allowing computer programs to communicate with shared telephone services. There is a resource management vulnerability in Microsoft Windows...