195539 matches found
JunoClaw 命令注入漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained a command injection vulnerability. This vulnerability stemmed from the runcommand function in the plugin-shell, which wrapped the commands provided by the proxy within a...
Nexent 安全漏洞
Nexent is an open-source zero-code AI smart agent automatic generation platform developed by ModelEngine-Group. Version 1.7.5.2 of Nexent contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the DELETE /indexname/documents...
HashiCorp Tooling 后置链接漏洞
HashiCorp Tooling is a series of software tools developed by HashiCorp Inc., aimed at infrastructure automation, cloud resource management, and security operations. Versions of HashiCorp Tooling prior to 0.42.0 contained a postback link vulnerability. This vulnerability stemmed from a sandbox pat...
Open-WebSearch 代码问题漏洞
Open-WebSearch is a multi-engine web search and content retrieval tool developed by Aasee’s individual developers, without the need for an API key. Versions of Open-WebSearch prior to 2.1.7 had code vulnerabilities. These vulnerabilities stemmed from URL security checks not recognizing IPv6...
YAFNET SQL注入漏洞
YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s individual developers. Versions of YAFNET prior to 4.0.5 contained a SQL injection vulnerability. This vulnerability stems from the OnPost handler redirection of responses after executing side effects, which could allow...
ChurchCRM 授权问题漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions 7.2.0 to 7.2.2 of ChurchCRM have vulnerabilities related to authorization. These vulnerabilities stem from incomplete fixes to the CVE-2026-4058 vulnerability, which may allow attackers to exploit the PoC Proof of Concept...
Warpgate 跨站请求伪造漏洞
Warpgate is a smart SSH, HTTPS, and MySQL BH developed by the warp-tech project for Linux. Versions of Warpgate prior to 0.23.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the SSO process not verifying the state parameter, which could allow attackers to...
Flowsint 安全漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a security vulnerability. This vulnerability stemmed from the ability of malicious node types to escape existing Cypher queries, potentially allowing remote attackers t...
Statamic 安全漏洞
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...
Hugo 路径遍历漏洞
Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...
Snappier 安全漏洞
Snappier is a pure C version of the Google Snappy compression algorithm developed by Brant Burnett. Versions prior to Snappier 1.3.1 contained a security vulnerability; this vulnerability stemmed from the inability to escape an infinite loop that occurred when SnappierStream decompressed Snappy...
deskflow 资源管理错误漏洞
Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow prior to 1.26.0.167 contained a resource management vulnerability. This vulnerability arises from a fatal error branch that occurs when the TLS handshake fails, causing SecureSocket::secureAccept t...
EFW Framework 安全漏洞
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the previewServlet not performing content...
EFW Framework 命令注入漏洞
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained a command injection vulnerability. This vulnerability stemmed from the lack of proper path checking in...
EFW Framework 安全漏洞
EFW Framework is an enterprise-level web development framework developed by the efw group, based on Ajax and server-side JavaScript. Versions of the EFW Framework prior to 4.08.010 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “readonly” flag only...
Micronaut Framework 资源管理错误漏洞
The Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions of the Micronaut Framework prior to 4.10.22 contained a resource management vulnerability. This vulnerability stemmed from the use of unbounded caching in the bundleCach...
wger 安全漏洞
WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...
arduino-esp32 授权问题漏洞
Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained an authorization vulnerability. This vulnerability stemmed from the WebServer implementation, whic...
arduino-esp32 安全漏洞
Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from the WebServer multi-part form parser’s...
Modsecurity 数字错误漏洞
Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...
mosparo 代码问题漏洞
Mosparo is a modern spam protection software developed under open source. Versions of Mosparo prior to 1.4.13 had code vulnerabilities. These vulnerabilities stemmed from the automatic rule package source URL feature, which allowed project members with editor roles to store URLs controlled by...
HashiCorp Nomad 后置链接漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...
NanaZip 缓冲区错误漏洞
NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a buffer error vulnerability. This vulnerability stemmed from the BitmapSize field in the ZealFS file system image resolver, where an attacker-controlled BitmapSize field led ...
OpenTelemetry .NET Contrib 安全漏洞
OpenTelemetry .NET Contrib is an open-source telemetry data collection and processing library developed by OpenTelemetry - CNCF. Versions 1.8.0 to 1.15.2 of OpenTelemetry .NET Contrib contain security vulnerabilities. These vulnerabilities stem from the OTLP disk retry feature being reverted to a...
Adobe Commerce 输入验证错误漏洞
Adobe Commerce is a leading digital business solution for businesses and brands from Adobe in the United States. Versions of Adobe Commerce such as 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17, and earlier versions have a vulnerability related to input validation errors. This...
Adobe Commerce 授权问题漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is an authorization issue vulnerability in Adobe Commerce; this vulnerability stems from improper authorization practices, which may allow security features to be...
Adobe Commerce 安全漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from reliance on vulnerable third-party components, potentially causing application denial-of-service...
Adobe Commerce 路径遍历漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...
Adobe Commerce 资源管理错误漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...
Adobe Commerce 资源管理错误漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...
Adobe Commerce 资源管理错误漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a resource management vulnerability in Adobe Commerce, which stems from uncontrolled resource consumption. This vulnerability could lead to application...
Adobe Commerce 代码问题漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a code vulnerability in Adobe Commerce, which stems from server-side request forgeing. This vulnerability may allow security features to be bypassed, enabling...
Adobe Commerce 安全漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from improper authorization. This vulnerability may allow security features to be bypassed, enabling...
shelf.nu 输入验证错误漏洞
shelf.nu is an open-source physical asset tracking and management platform developed by Shelf. Versions of shelf.nu from 1.12 to 1.20.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the SQL injection vulnerability in the sortBy query parameter on th...
Cleanuparr 访问控制错误漏洞
Cleanuparr is an automated tool developed by Cleanuparr OpenSource, designed to clean up invalid files in the download queue. Versions of Cleanuparr prior to 2.9.10 contained a access control vulnerability. This vulnerability stemmed from the global CORS policy, which reflected the Origin of each...
Intel Display Virtualization for Windows OS driver 缓冲区错误漏洞
The Intel Display Virtualization for Windows OS driver is a display virtualization driver developed by Intel Corporation. The Intel Display Virtualization for Windows OS driver has a buffer error vulnerability, which stems from improper buffer limits and may lead to a denial-of-service attack...
SAP Strategic Enterprise Management 安全漏洞
SAP Strategic Enterprise Management is a corporate strategic management software developed by the German company SAP. There is a security vulnerability in SAP Strategic Enterprise Management. This vulnerability stems from the lack of authorization checks, which may allow authenticated attackers t...
Siemens Solid Edge 安全漏洞
Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to SE2026 V226.0 Update 5 contained security vulnerabilities...
Microsoft Rich Text Edit Control 资源管理错误漏洞
Microsoft Rich Text Edit Control is a rich text editor implemented by Microsoft Corporation. There is a resource management vulnerability in Microsoft Rich Text Edit Control. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected:...
Microsoft Windows 竞争条件问题漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. Microsoft Windows has vulnerabilities that can lead to competitive conditions. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affecte...
Siemens Solid Edge 缓冲区错误漏洞
Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Versions of Siemens Solid Edge prior to V226.0 Update 5 contained a buffer error vulnerability...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...
Microsoft Edge for Android 安全漏洞
Microsoft Edge for Android is a browser in the Android operating system developed by the American company Microsoft. There are security vulnerabilities in Microsoft Edge for Android. Attackers use these vulnerabilities to carry out phishing attacks...
Intel QAT software drivers for Windows 安全漏洞
Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions prior to Intel QAT software drivers for Windows 1.13 contain security vulnerabilities. These vulnerabilities stem from the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.168, there was a resource management vulnerability that stemmed from the reuse of GPU resources after they were released. This vulnerability could allow remote attackers to execute arbitrary code within a...
Intel Data Center Graphics Driver 安全漏洞
The Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation for data center GPUs and graphics acceleration devices. Versions of the Intel Data Center Graphics Driver prior to 2.0.2 contained a security vulnerability caused by a buffer overflow in the Ring 1...
WordPress plugin WP Google Maps Integration 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Eight Day Week Print Workflow SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Microsoft Lightweight Directory Access Protocol(LDAP) 代码问题漏洞
Microsoft Lightweight Directory Access Protocol LDAP is a directory service protocol developed by Microsoft Corporation. It operates at the layer above the TCP/IP stack. There are code-related vulnerabilities in the Microsoft Lightweight Directory Access Protocol LDAP. Attackers can exploit these...