195539 matches found
Syft 安全漏洞
Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...
Adobe CAI Content Credentials 资源管理错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Versions of Adobe CAI Content Credentials such as 0.78.2, 0.7.0, and earlier versions had resource...
Intel QAT software drivers for Windows 数字错误漏洞
Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a numerical error vulnerability. This vulnerabilit...
Guardrails 安全漏洞
Guardrails is a Python framework open source by Guardrails AI. Versions of Guardrails 0.6.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validationer...
Microsoft Dynamics 365 安全漏洞
Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...
NanaZip 代码问题漏洞
NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from a reuse issue in the GTK component. This vulnerability could allow remote attackers to execute arbitrary code through a...
Microsoft .NET 输入验证错误漏洞
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There is an input validation vulnerability in Microsoft .NET. Attackers can...
Zephyr 安全漏洞
Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which occurs when sending ICMP ping messages to the device’s own IPv4 address using the net ping shell command. This causes the network stack to recursively re-ente...
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....
Siemens多款产品 跨站脚本漏洞
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...
Adobe After Effects 安全漏洞
Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. This software is primarily used for 2D and 3D compositing, animation production, and visual special effects. Versions of Adobe After Effects such as 26.0, 25.6.4, and earlier versions have...
ludwig 安全漏洞
Ludwig is an open-source declarative deep learning framework developed by Ludwig. Versions of Ludwig 0.10.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the predict method, which uses pandas.readpickle without proper validation when loading pickle files. This coul...
Microsoft DWM Core Library 安全漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected:...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of UI elements after they were released, which could allow remote attackers to achieve sandbox escape...
Code Runner MCP Server 访问控制错误漏洞
Code Runner MCP Server is a multi-language code execution and result display tool developed by Jun Han. There is an access control vulnerability in Code Runner MCP Server. This vulnerability arises when the --transport http option is used, exposing an unauthenticated /mcp JSON-RPC endpoint on por...
Microsoft Projected File System 资源管理错误漏洞
The Microsoft Projected File System is an application system developed by Microsoft Corporation. It projects hierarchical data into the file system, making it appear as files and directories within the file system. The Microsoft Projected File System has a resource management vulnerability...
Microsoft Windows Kernel Mode Drivers 资源管理错误漏洞
Microsoft Windows Kernel Mode Drivers are the kernel mode drivers of Windows from Microsoft. There is a resource management vulnerability in Microsoft Windows Kernel Mode Drivers. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by Codecs integer overflow. This vulnerability could allow remote attackers to exploit the system through specially crafted video files, resulting in...
Microsoft Windows Common Log File System Driver 数字错误漏洞
The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. The Microsoft Windows Common L...
Microsoft Windows 安全漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Windows 10 Version...
Microsoft DWM Core Library 缓冲区错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. The Microsoft DWM Core Library has a buffer overflow vulnerability. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are affected: Windows...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
Microsoft Windows Admin Center 访问控制错误漏洞
Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a vulnerability related to access control. Attackers can exploit this vulnerability to gain...
Subnet Solutions PowerSYSTEM Center 注入漏洞
Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. The Subnet Solutions PowerSYSTEM Center has an injection vulnerability, which stems from CRLF injections during SMTPS communication...
WordPress plugin Advanced Custom Fields Extended 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Fortinet FortiAP 操作系统命令注入漏洞
Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as FortiAP-W2 versions 7.4.0 to 7.4.4, all versions of 7.2, and al...
Microsoft Windows Kernel 安全漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...
SAP Commerce Cloud 安全漏洞
SAP Commerce Cloud is a cloud-based e-commerce platform developed by SAP, a German company. This platform supports sales management, marketing management, order management, and operational management. There is a security vulnerability in SAP Commerce Cloud, which stems from improper configuration...
Open-Xchange OX Dovecot Pro 资源管理错误漏洞
Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability. This vulnerability stems from allowing attackers to upload malicious Sieve scripts, bypassing the configured CPU ti...
NanaZip 安全漏洞
NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the recursive, depth-unlimited behavior of the nlohmann::json::parse and GetAllPaths functions in the Electron...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...
Claris FileMaker Cloud 安全漏洞
Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...
WordPress plugin Continually 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. In...
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the model loading function in the...
Microsoft Windows Internet Key Exchange 安全漏洞
Microsoft Windows Internet Key Exchange is the Internet Key Exchange protocol in Microsoft’s Windows operating system. There are security vulnerabilities associated with Microsoft Windows Internet Key Exchange. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks...
Microsoft Rich Text Edit Control 资源管理错误漏洞
Microsoft Rich Text Edit Control is a rich text editor implemented by Microsoft Corporation. There is a resource management vulnerability in Microsoft Rich Text Edit Control. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected:...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the FileSystem component, which could allow remote attackers who had been convince...
Adobe Substance3D Designer 缓冲区错误漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...
Microsoft Win32k 资源管理错误漏洞
Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There is a resource management vulnerability in Microsoft Windows Win32K-ICOMP. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...
WordPress plugin Quick Table 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an object lifecycle issue in the WebShare component. This vulnerability could allow remote attackers to execute arbitrary code by...
Microsoft SSO Plugin for Jira & Confluence 安全漏洞
The Microsoft SSO Plugin for Jira & Confluence is an SSO authentication integration plugin developed by Microsoft for Atlassian collaboration software Jira and Confluence in local deployment. There are security vulnerabilities in the Microsoft SSO Plugin for Jira & Confluence. Attackers can explo...
Microsoft Windows TCP/IP 资源管理错误漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a resource management vulnerability in Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems,...
CosyVoice 安全漏洞
CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. CosyVoice has a security vulnerability. This vulnerability arises from the model loading process, where the .pt files in the user-specified directory are loaded using torch.load, without enabling...
Intel QAT software drivers for Windows 输入验证错误漏洞
Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a vulnerability related to input validation. This...
WordPress plugin Fancy Image Show 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Postgrex SQL注入漏洞
Postgrex is an open-source Elixir language PostgreSQL database driver developed by elixir-ecto. In versions 0.16.0 to 0.22.2 of Postgrex, there was a SQL injection vulnerability. This vulnerability stemmed from the lack of neutralization of special elements in the Elixir.Postgrex.Notifications...
WordPress plugin Zawgyi Embed 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SAP NetWeaver Application Server ABAP 跨站脚本漏洞
SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. SAP NetWeaver Application Server ABAP has a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site...