195539 matches found
Adobe After Effects 输入验证错误漏洞
Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation production, and visual effects creation. Versions of Adobe After Effects such as 26.0, 25.6.4, and...
Adobe After Effects 安全漏洞
Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation creation, and visual effects production. Versions of Adobe After Effects such as 26.0, 25.6.4, and...
Adobe Media Encoder 缓冲区错误漏洞
Adobe Media Encoder is a audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may...
Schneider Electric Saitel DR RTU和Schneider Electric Saitel DP RTU 路径遍历漏洞
Schneider Electric Saitel DR RTU and Schneider Electric Saitel DP RTU are both remote terminal devices from Schneider Electric, a French company. Both devices have a path traversal vulnerability. This vulnerability stems from improper path name restrictions, which may lead to unauthorized access ...
Microsoft Windows Cloud Files Mini Filter Driver 资源管理错误漏洞
The Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver developed by Microsoft Corporation. The Microsoft Windows Cloud Files Mini Filter Driver has a resource management vulnerability. The following products and versions are affected: Windows Server 2019, Windows Serve...
Microsoft Windows TCP/IP 竞争条件问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a vulnerability related to race conditions in Microsoft Windows TCP/IP. Attackers can exploit this vulnerability to gain elevated privileges. The following...
Flowsint 访问控制错误漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability. This vulnerability stemmed from ineffective access control, which could allow unauthorized users to read log data of other users...
Microsoft Dynamics 365 代码注入漏洞
Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There is a code injection vulnerability in...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection, and they could allow...
Mamba 安全漏洞
Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...
CODESYS Modbus TCP Server 安全漏洞
CODESYS Modbus TCP Server is an automation control component developed by the German company CODESYS, which provides capabilities for Modbus TCP communication and data exchange between industrial devices. There is a security vulnerability in the CODESYS Modbus TCP Server, caused by a race conditi...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...
Microsoft SharePoint 安全漏洞
Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue driver developed by Microsoft for Winsock. There are vulnerabilities related to race conditions in this driver. Attackers can exploit these vulnerabilities to gain elevated privileges. The following products and...
SAP Incentive and Commission Management 安全漏洞
SAP Incentive and Commission Management is a business management platform developed by German company SAP, dedicated to sales incentives, commission calculations, and performance management. There is a security vulnerability in SAP Incentive and Commission Management. This vulnerability stems fro...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from command injection in the web-based management...
ciguard 安全漏洞
Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.1.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the default root user inherited by the published container images, due to the lack of a...
Flowsint 访问控制错误漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability, which allowed attackers who knew the investigation IDs to update the investigation metadata of other users...
wiki.js 安全漏洞
Wiki.js is a Wiki application open-sourced by requarks.io. Versions of Wiki.js prior to 2.5.313 contained a security vulnerability. This vulnerability stemmed from the GraphQL mutation in users.update, which accepted an arbitrary groups array and applied it directly to the database without...
Siemens SIMATIC CN 4100 安全漏洞
The Siemens SIMATIC CN 4100 is a communication node developed by the German company Siemens. Versions of the Siemens SIMATIC CN 4100 prior to V5.0 contained security vulnerabilities. These vulnerabilities stemmed from the system’s susceptibility to resource exhaustion when processing large amount...
Micronaut Framework 资源管理错误漏洞
The Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions of the Micronaut Framework from 4.3.0 to 4.10.22 contained a resource management vulnerability. This vulnerability stemmed from TimeConverterRegistrar caching...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by GPU out-of-bound reads. This vulnerability could allow remote attackers to exploit the system by using specially crafted HTML...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion issue in the ANGLE component. This vulnerability could allow remote attackers who have breached the rendering process ...
NanaZip 安全漏洞
NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the GetAllPaths function in the UFS/UFS2 file system image parser, which allowed recursive subdirectories without...
PhpSpreadsheet 安全漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the SpreadsheetML XML reader not verifying whether the...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Versions of Adobe CAI Content Credentials such as 0.78.2, 0.7.0, and earlier versions contained...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions prior to Apple iOS 18.7.3, iPadOS 18.7.3, iOS 26.2, and iPadO...
Pandora FMS 安全漏洞
Pandora FMS is a monitoring system developed by the American company Pandora FMS. This system provides visual monitoring of networks, servers, virtual infrastructure, and applications. There are security vulnerabilities in the 777 to 800 version of Pandora FMS. These vulnerabilities stem from...
Microsoft Teams 安全漏洞
Microsoft Teams is a software product developed by the American company Microsoft, used for online meetings, chatting, and cloud storage functions. There is a security vulnerability in Microsoft Teams. Attackers have exploited this vulnerability to carry out phishing attacks...
Microsoft Windows Kernel 安全漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper implementations in the ANGLE component. This vulnerability could allow remote attackers who have breached the rendering proces...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with reuse after release in the Mojo component, which could allow remote attackers who have breached t...
Zyxel WRE6505 安全漏洞
The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the insecure storage of sensitive information in the configuration file, which may allow local...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained security vulnerabilities, which were caused by issues with the JavaScript Engine component...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a sandbox escape in the Profile Backup component...
Microsoft Win32k 输入验证错误漏洞
Microsoft Win32k is a system file used for multi-user management in Windows by Microsoft Corporation. There is an input validation vulnerability present in Microsoft Win32k. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems, Windows 10 Version 1809 for...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in WebML, which could allow remote attackers to execute arbitrary code within a sandbox through a...
Microsoft Windows Kernel 安全漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities present in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are...
Cribl 安全漏洞
Cribl is a log analysis tool developed by Cribl Inc. Versions of Cribl prior to 4.17.1 contained security vulnerabilities. There is currently no information regarding these vulnerabilities. Please stay informed by following CNNVD or the vendor’s announcements...
Microsoft Windows Cloud Files Mini Filter Driver 竞争条件问题漏洞
The Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver developed by Microsoft Corporation. The Microsoft Windows Cloud Files Mini Filter Driver has a vulnerability related to race conditions. Attackers can exploit this vulnerability to gain elevated privileges. The...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bounds write issue in the WebAudio component. This vulnerability could allow remote attackers to execute arbitrary cod...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper handling of Media objects. This vulnerability could allow remote attackers to execute out-of-bound memory reads through...
WordPress plugin BJ Lazy Load 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Woo Commerce Minimum Weight 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There is a security vulnerability in Devolutions Server, which stems from improper access control in the notification...
Adobe CAI Content Credentials 资源管理错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Versions of Adobe CAI Content Credentials such as 0.78.2, 0.7.0, and earlier versions had resource...
Microsoft Windows Remote Desktop Services 安全漏洞
Microsoft Windows Remote Desktop Services is a set of features provided by Microsoft that allow users to access graphical desktops and Windows applications remotely. There are security vulnerabilities in Microsoft Windows Remote Desktop Services. Attackers can exploit these vulnerabilities to gai...
WordPress plugin WP SEO Structured Data Schema 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Ingeteam Ingecon Sun EMS Board 加密问题漏洞
The Ingeteam Ingecon Sun EMS Board is a control and communication expansion card developed by Ingeteam for photovoltaic power generation and energy management scenarios. The Ingeteam Ingecon Sun EMS Board has encryption-related vulnerabilities. These vulnerabilities stem from insecure credential...
Schneider Electric多款产品 安全特征问题漏洞
Schneider Electric Easergy MiCOM Px40 Series are products of Schneider Electric, a French company. The Schneider Electric Easergy MiCOM Px40 Series consists of a series of power protection and control relay devices. The Schneider Electric Easergy MiCOM C264 is an industrial communication gateway...