195539 matches found
Siemens SIMATIC HMI Comfort Panels 安全漏洞
Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. There are security vulnerabilities in Siemens SIMATIC HMI Comfort Panels. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. This allows...
Intel NPU Driver for Linux和Intel NPU Driver for Windows 安全漏洞
The Intel NPU Driver for Linux and the Intel NPU Driver for Windows are driver programs for neural processing units developed by Intel Corporation. Previous versions of the Intel NPU Driver for Linux and Intel NPU Driver for Windows 32.0.100.4511 contained security vulnerabilities. These...
Microsoft Windows Kernel Mode Drivers 资源管理错误漏洞
Microsoft Windows Kernel Mode Drivers are the kernel mode drivers for Windows from Microsoft. There is a resource management vulnerability present in Microsoft Windows Kernel Mode Drivers. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are...
Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a supplementary function driver for Winsock by Microsoft Corporation. There is a resource management vulnerability present in the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit this vulnerability to gai...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in the DataTransfer component. It could allow remote attacke...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebXR policies, which could allow remote attackers to obtain sensitive information from process...
Adversarial Robustness Toolbox 安全漏洞
Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustness evaluation function i...
ABIS BAPSİS 安全漏洞
ABIS BAPSİS is a research information system developed by the Turkish company ABIS, aimed at university research projects, academic budgets, and administrative processes management. Previous versions of ABIS BAPSİS, such as v.202604152042, contained security vulnerabilities. These vulnerabilities...
Microsoft Office PowerPoint 访问控制错误漏洞
Microsoft Office PowerPoint is a software tool developed by the American company Microsoft for creating presentation documents PPTs. Microsoft Office PowerPoint has a security vulnerability related to access control. Attackers can exploit this vulnerability to carry out deceptive attacks...
dssrf 安全漏洞
DSSRF is a URL and network verification library developed by RelunSec’s individual developers, designed for defending against SSRF vulnerabilities. Versions of DSSRF prior to 1.3.0 contained security vulnerabilities, which stemmed from the ability to bypass the isurlsafe check for each IPv6...
Microsoft .NET 输入验证错误漏洞
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and transparency in networking. There is an input validation vulnerability in Microsoft .NET. Attackers c...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
WordPress plugin Voyage Plus 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Adobe Illustrator 代码问题漏洞
Adobe Illustrator is a vector-based image creation software developed by Adobe, a company based in America. There is a code vulnerability in Adobe Illustrator, which stems from a null pointer dereferencing. This vulnerability may lead to a denial-of-service attack on the application. The followin...
WordPress plugin Court Reservation – Manage Your Court Bookings Online SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the Media component after its release, which could allow remote attackers to execute arbitrary code...
Microsoft SQL Server 安全漏洞
Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There are security vulnerabilities in Microsoft SQL Server. Attackers can exploit these vulnerabilities to execute code remotely. The following...
Microsoft Win32k 资源管理错误漏洞
Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There is a resource management vulnerability in Microsoft Win32k. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windo...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the Media component after its release, which could allow remote attackers to execute arbitrary code...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by an integer overflow issue in the ANGLE component. This vulnerability could allow remote attackers to execute out-of-bound memory writes...
Microsoft Windows TCP/IP 竞争条件问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There is a vulnerability related to race conditions in Microsoft Windows TCP/IP. Attackers can exploit this vulnerability to gain elevated privileges. The following...
WordPress plugin Forms Rb 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft M365 Copilot 命令注入漏洞
Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability. Attackers can exploit this vulnerability to alter information...
WordPress plugin WP Travel SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin scratchblocks for WP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Core components after their release, which could allow remote attackers with access to the renderin...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in the SiteIsolation component. It was possible for remote...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by integer overflow in the GPU component. This vulnerability could allow remote attackers with access to the damaged rendering process to execute a...
SAP S/4HANA Condition Maintenance 安全漏洞
SAP S/4HANA Condition Maintenance is a conditional maintenance function module developed by SAP, a German company, dedicated to enterprise sales, procurement, and pricing rule management. There is a security vulnerability in SAP S/4HANA Condition Maintenance. This vulnerability stems from the lac...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
Microsoft Win32k 安全漏洞
Microsoft Win32k is a system file used by Microsoft for multi-user management in Windows operating systems. There are security vulnerabilities in Microsoft Win32k. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows 10...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the IFrame Sandbox component, which could allow remote attackers to bypass navigation...
kubectl-mcp-server 安全漏洞
kubectl-mcp-server is a tool developed by Rohit Ghumare, a personal developer, for managing Kubernetes clusters using natural language. Version 1.1.1 of kubectl-mcp-server contains a security vulnerability. This vulnerability allows attackers to execute arbitrary code on the victim’s system throu...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the release-after-reuse mechanism in the Downloads component, which could allow remote attackers ...
Heym 路径遍历漏洞
Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained a path traversal vulnerability. This vulnerability stemmed from the file upload endpoint’s lack of protection against path traversal attacks. As a result, authenticated...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by improper implementations in the Downloads component. This vulnerability could allow attackers to execute UI deception after users insta...
E-Kalite Turboard FOR-S 安全漏洞
E-Kalite Turboard FOR-S is a digital management system developed by the Turkish company E-Kalite, designed for quality management and enterprise process monitoring scenarios. Versions of E-Kalite Turboard FOR-S prior to version 7.01.2026 to 18.02.2026 contained security vulnerabilities. These...
Mozilla Firefox 缓冲区错误漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a buffer error vulnerability, which was caused by a boundary condition error in the JavaScript Engine’s JIT component...
Adobe Substance3D Designer 缓冲区错误漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...
Adobe Substance3D Designer 路径遍历漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier have a path traversal vulnerability. This vulnerability stems from path traversal attacks, which may lead to arbitrary file system access...
Adobe Connect 代码问题漏洞
Adobe Connect is a software developed by Adobe, a company based in the United States, used to create meeting environments. There is a code vulnerability in Adobe Connect, which stems from deserializing untrusted data, potentially allowing arbitrary code to execute in the current user environment...
JunoClaw 代码问题漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...
YAML::Syck 安全漏洞
YAML::Syck is a Perl library open-sourced by CPAN authors. Versions of YAML::Syck prior to 1.38 contained security vulnerabilities. These vulnerabilities stemmed from the base60 parsing code in perlsyck.h, which experienced a buffer underflow. When processing the leftmost segment of colon-separat...
JunoClaw 操作系统命令注入漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an operating system command injection vulnerability. This vulnerability stemmed from a substring blacklist in the plugin-shell command security check, which could be...
YAFNET 跨站脚本漏洞
YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient HTML cleaning or output encoding during postings and replies, whic...
pam_authnft 缓冲区错误漏洞
pamauthnft is an open-source Linux user session network filtering rule management tool based on nftables, developed by identd-ng. Versions of pamauthnft prior to 0.2.0-alpha contained a buffer error vulnerability. This vulnerability stemmed from excessive heap buffer reading in the peerlookuptcp...
VMware Spring AI 安全漏洞
VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. VMware Spring AI has a security vulnerability, which stems from problematic default settings in the chat memory...
antSword 跨站脚本漏洞
AntSword is a cross-platform website management tool developed by the AntSwordProject. Versions of AntSword prior to 2.1.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from incomplete noxss cleanup, allowing for injection through jQuery.terminal format code, which...
changedetection.io 安全漏洞
changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.55.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of snapshot paths retrieved from back...
SUSE kubewarden 安全漏洞
SUSE kubewarden is a policy engine developed by the German company SUSE. SUSE kubewarden has security vulnerabilities. These vulnerabilities stem from attackers who have privileges as AdmissionPolicy or AdmissionPolicyGroup and can exploit the canihost callback. This callback directly executes...