195539 matches found
Wing FTP Server 代码注入漏洞
Wing FTP Server is an open-source, cross-platform FTP server software developed by Wing FTP Server. Version 8.1.2 of Wing FTP Server has a code injection vulnerability. This vulnerability stems from the session serialization mechanism, where the mydirectory field for domain administrators allows...
AXIS OS 安全漏洞
AXIS OS is an operating system for edge devices developed by Axis, a Swedish company. There is a security vulnerability in AXIS OS, which stems from insufficient input validation in configuration files. This vulnerability may lead to command injection and potentially allow for privilege escalatio...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by a heap buffer overflow issue in the GPU component. This vulnerability could allow remote attackers to execute out-of-bound memory writes through...
Ivanti Endpoint Manager(EPM) SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU6 contained a SQL injection vulnerability. This vulnerability stemmed from SQL injections in the web console, and could allow remote...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There is a security vulnerability in Devolutions Server, which stems from a lack of authorization in the PAM module. This...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bounds write issue in the WebRTC component, which could allow remote attackers to execute arbitrary code...
Siemens Simcenter Femap 安全漏洞
Siemens Simcenter Femap is a cutting-edge engineering simulation application developed by German company Siemens. It is used for creating, editing, and importing/reusing mesh-based finite element analysis models for complex products or systems. Siemens Simcenter Femap has a security vulnerability...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the AI component, which could allow remote attackers who have breached the rendering proce...
WebPros WHMCS 安全漏洞
WebPros WHMCS is a customer management and automated billing platform provided by the Swiss company WebPros, aimed at hosting providers and domain service providers. There is a security vulnerability in WebPros WHMCS, which stems from insufficient ownership checks in the clientarea.php file. This...
WordPress plugin Smart Appointment & Booking 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Microsoft Message Queuing 安全漏洞
Microsoft Message Queuing is a solution developed by Microsoft for implementing high-performance asynchronous and synchronous scenarios. There are security vulnerabilities associated with Microsoft Message Queuing. The following products and versions are affected: Windows 10 Version 1809 for 32-b...
Microsoft Windows SMB Client 资源管理错误漏洞
Microsoft Windows SMB Client is a software application developed by Microsoft Corporation. It is a SMB client. The Microsoft Windows SMB Client has a resource management vulnerability that can be exploited by attackers to gain elevated privileges. The following products and versions are affected:...
Fortinet FortiClientWindows 安全漏洞
Fortinet FortiClientWindows is a Windows-based mobile device security solution provided by the American company Fortinet. When connected to the FortiGate firewall device, this solution offers features such as IPsec and SSL encryption, wide-area network optimization, terminal compliance, and...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a reuse issue in the HID component after release, which could allow remote attackers to exploit the situation by...
Microsoft Telnet Client 缓冲区错误漏洞
Microsoft Telnet Client is a network command-line utility built into the Windows operating system by Microsoft. It is commonly used for performing remote login, testing port connectivity, and remote management of systems and devices. Microsoft Telnet Client has a buffer error vulnerability...
WordPress plugin AzonPost 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Intel AI Playground 代码问题漏洞
Intel AI Playground is an online platform operated by Intel Corporation in the United States. Previous versions of Intel AI Playground, including 3.0.0 alpha, had code vulnerabilities that stemmed from uncontrolled search paths, which could lead to privilege escalation...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows 10...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Accessibility components after they were released, which could allow a remote attacker with access ...
Intel Data Center Graphics Driver 缓冲区错误漏洞
Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation, aimed at data center GPUs and graphics acceleration devices. The Intel Data Center Graphics Driver for versions prior to VMware ESXi 2.0.2 contains a buffer error vulnerability. This vulnerability stems...
Microsoft Windows TCP/IP 安全漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to bypass certain features. The following products and...
GoJobs API 访问控制错误漏洞
The GoJobs API is a high-performance job platform REST API developed by Manav Mahesh Sanger. The GoJobs API has an access control vulnerability, which stems from the lack of authentication and authorization checks in the job retrieval endpoints. This vulnerability may allow unauthorized users to...
phpseclib 资源管理错误漏洞
phpseclib is an open-source PHP security communication library developed by phpseclib. Versions prior to 1.0.29, 2.0.54, and 3.0.52 contained a resource management vulnerability. This vulnerability stemmed from an issue where bypassing CVE-2024-27355 was possible when loading untrusted ASN1 files...
YAFNET 跨站脚本漏洞
YAFNET is an ASP.NET open-source forum solution developed by YAFNET’s developers. Versions of YAFNET prior to 4.0.5 and 3.2.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from the database logging mechanism serializing user agent headers as JSON without encoding the...
Fortinet FortiMail SQL注入漏洞
Fortinet FortiMail is a suite of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.5, and 7.2.0 to 7.2.8 of Fortinet FortiMail contain SQL injectio...
Microsoft GitHub Copilot and Visual Studio 注入漏洞
Microsoft GitHub Copilot and Visual Studio are generative AI tools developed by the American company Microsoft. There are injection vulnerabilities in Microsoft GitHub Copilot and Visual Studio. Attackers can exploit these vulnerabilities to bypass certain features...
Schneider Electric EcoStruxure Panel Server 安全漏洞
Schneider Electric EcoStruxure Panel Server is an IoT gateway developed by Schneider Electric of France, used for data collection and uploading. Schneider Electric EcoStruxure Panel Server has a security vulnerability that stems from the use of insecure default values during resource...
Adobe Commerce 跨站脚本漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Versions of Adobe Commerce such as 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17, and earlier versions contain a cross-site scripting vulnerability. Thi...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient GPU policy execution, which could allow remote attackers to exploit the system through specially crafted HTML...
Zyxel NWA1100-N 安全漏洞
The Zyxel NWA1100-N is a wireless access point produced by the Chinese company Zyxel. The version 1.00AACE.1C0 of the Zyxel NWA1100-N contains a security vulnerability. This vulnerability stems from buffer overflows in the formWep, formWlAc, formPasswordSetup, formUpgradeCert, and formDelcert...
Ivanti Secure Access Client 安全漏洞
Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Vulnerabilities existed in versions of Ivanti Secure Access Client prior to 22.8R6. These vulnerabilities were due to improper permission allocation for critical resources, which could allow locall...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability caused by Fonts integer overflow. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially crafted HTM...
SAP Financial Consolidation 安全漏洞
SAP Financial Consolidation is a financial reporting solution developed by the German company SAP. This product is primarily used for automating intercompany reconciliations and eliminations, currency conversions, and generating financial reports. There is a security vulnerability in SAP Financia...
Microsoft Windows Common Log File System Driver 安全漏洞
The Microsoft Windows Common Log File System Driver is a high-performance, general-purpose log file system API provided by Microsoft. It allows specialized client applications to utilize this subsystem, enabling multiple clients to share it for optimized log access. There are security...
Microsoft Windows DNS 安全漏洞
Microsoft Windows DNS is a domain name resolution service provided by Microsoft Corporation. The Domain Name System DNS is one of the industry-standard protocol suites that includes TCP/IP. Both DNS clients and DNS servers work together to provide name resolution services, mapping computer names ...
sse-channel 注入漏洞
SSE-Channel is a server-push event channel tool developed by Espen Hovlandsdal, based on Node.js. Versions of SSE-Channel prior to 4.0.1 had an injection vulnerability. This vulnerability stemmed from implementations that allowed users to provide values passed into fields such as event, retry, or...
Adobe Substance3D Designer 缓冲区错误漏洞
Adobe Substance3D Designer is a texture and material creation software developed by Adobe Inc. Versions of Adobe Substance3D Designer 15.1.0 and earlier contain a buffer error vulnerability, which stems from out-of-buffer writes, potentially allowing arbitrary code to execute in the current user...
ChurchCRM 跨站请求伪造漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.3.2 contained a cross-site request forgeing vulnerability. This vulnerability originated from a top-level cross-site GET navigation request and could potentially allow logged-in users to delete records...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a vector-based image creation software developed by Adobe Inc. in the United States. Adobe Illustrator has a buffer overflow vulnerability, which stems from out-of-bounds read operations and may lead to sensitive memory leaks. The following versions are affected: version...
Fortinet FortiAP 操作系统命令注入漏洞
Fortinet FortiAP is a controller designed by the American company Fortinet for managing wireless access point devices. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.5, all versions of 7.2, all versions of 7.0, all versions of 6.4, as well as versions 7.0.0 to 7.0.5 of FortiAP-U, all versions of 6.2, and...
Heym 安全漏洞
Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses during workflow execution, allowing authenticated users to execute arbitrary workflows...
Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock from Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain elevate...
Siemens blueplanet SQL注入漏洞
Siemens Blueplanet is a series of solar inverter and energy monitoring products developed by German company Siemens, aimed at photovoltaic power generation and energy storage systems. Several Siemens products have SQL injection vulnerabilities, which stem from improper handling of special element...
Apache Tomcat 安全漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Security vulnerabilities exist in versions of Apache Tomcat ranging from 11.0.0-M1 to 11.0.21, from 10.1.0-M1 to 10.1.54, from...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion issue in the V8 component. This vulnerability could allow remote attackers to obtain potentially sensitive information...
WordPress plugin GWD Connect 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Word 安全漏洞
Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Word. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Microsoft SharePoi...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a vector-based image creation software developed by Adobe Inc. of the United States. Adobe Illustrator has a buffer overflow vulnerability, which stems from out-of-bounds writes, potentially allowing arbitrary code to execute in the current user environment. The following...
Adobe Media Encoder 输入验证错误漏洞
Adobe Media Encoder is a audio and video encoding application developed by Adobe, a company based in the United States. Versions of Adobe Media Encoder such as 26.0.2, 25.6.4, and earlier versions had a vulnerability related to input validation errors. This vulnerability stemmed from integer...