195539 matches found
Fuji Electric Fuji Tellus 安全漏洞
Fuji Electric Fuji Tellus is an interface and control platform for industrial automation and equipment monitoring developed by Fuji Electric in Japan. There is a security vulnerability in Fuji Electric Fuji Tellus, which stems from adding drivers to the kernel during the installation process,...
WordPress plugin Xpro Elementor Addons SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
sealed-env 信息泄露漏洞
Sealed-Env is a cross-platform zero-trust key management library developed by David Almeida. It supports encrypted storage and TOTP verification. Versions of Sealed-Env from 0.1.0-alpha.1 to 0.1.0-alpha.3 contained information leakage vulnerabilities. These vulnerabilities stemmed from the fact...
Microsoft Word 访问控制错误漏洞
Microsoft Word is a word processing software within the Office suite developed by the American company Microsoft. There is an access control error vulnerability in Microsoft Word. Attackers exploit this vulnerability to carry out deceptive attacks...
Microsoft Windows GDI 安全漏洞
Microsoft Windows GDI is a core underlying standard interface within the Windows operating system developed by Microsoft, responsible for drawing graphical objects on the screen or printer, managing fonts, and processing images. There are security vulnerabilities in Microsoft Windows GDI. Attacke...
Microsoft Word 安全漏洞
Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Word. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected: Microsoft 3...
Microsoft Office 安全漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...
Heym 安全漏洞
Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution by the ViewTransitions component, which could allow remote attackers to exploit the...
Fortinet FortiNDR SQL注入漏洞
Fortinet FortiNDR is a network detection and response solution provided by the American company Fortinet. Versions 7.6.0 to 7.6.2, 7.4.0 to 7.4.9, all versions of 7.2, all versions of 7.1, and all versions of 7.0 of Fortinet FortiNDR contain an SQL injection vulnerability. This vulnerability stem...
Intel QAT software drivers for Windows 输入验证错误漏洞
Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. Versions of Intel QAT software drivers for Windows prior to version 1.13 contain a vulnerability related to input validation errors...
Flowsint 跨站脚本漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from map node tags containing arbitrary HTML, which could lead to storage-based cross-site scripting...
Microsoft Windows Storage Spaces Controller 输入验证错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for storage space functions. There is an input validation vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...
WordPress plugin Skysa Text Ticker App 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 5.0.0-RC1 to 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from the AssetsController::actionShowInFolder method, which did not check user permissions when...
Microsoft Windows TCP/IP 安全漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities associated with Microsoft Windows TCP/IP. The following products and versions are affected: Windows 10 Version 1809 for 32-bit...
Relay Server 安全漏洞
Relay Server is an open-source system by System 3 that supports offline collaborative real-time document synchronization. There were security vulnerabilities in the Relay Server versions 0.9.0 to 0.9.6. These vulnerabilities stemmed from WebSocket endpoints for multiple documents, where WebSocket...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Fullscreen component, which could allow remote attackers to execute UI spoofing through...
SAP Forecasting and Replenishment 命令注入漏洞
SAP Forecasting and Replenishment is a demand forecasting and inventory replenishment management system developed by SAP, a German company, for retail and supply chain scenarios. SAP Forecasting and Replenishment has a command injection vulnerability. This vulnerability stems from OS command...
Ashlar-Vellum多款产品 缓冲区错误漏洞
Ashlar-Vellum Xenon is a product of the Ashlar-Vellum company. Ashlar-Vellum Xenon is a CAD modeling software. Ashlar-Vellum Cobalt is a parametric computer-aided design and 3D modeling program. Ashlar-Vellum Argon is a 2D drafting and 3D modeling software. Several products from the Ashlar-Vellum...
Microsoft Word 资源管理错误漏洞
Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Word. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Microsoft...
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...
Chitora Lhaz 路径遍历漏洞
Chitora Lhaz is a Windows compression tool developed by Chitora Company in Japan. It supports the creation of files in various compression formats and the decompression of those files. Chitora Lhaz has a path traversal vulnerability. This vulnerability stems from an issue with the automatic folde...
WordPress plugin Credits Shortcode 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Siemens ROS# 安全漏洞
Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Versions of Siemens ROS prior to V2.2.2 contained security vulnerabilities. These vulnerabilities were caused by improperly cleaned user inputs, leading to path traversal attacks. Th...
Zyxel WRE6505 安全漏洞
Zyxel WRE6505 is a wireless signal expansion device produced by Zyxel Corporation in China. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains a security vulnerability. This vulnerability stems from the improper limit on the number of authentication attempts made by the web management interface...
Apple macOS 访问控制错误漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.2 contain an access control error vulnerability. This vulnerability stems from an access issue that could allow...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a compilation error in the JavaScript Engine’s JIT component...
Apache Tomcat 输入验证错误漏洞
Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. Adobe CAI Content Credentials has a vulnerability related to input validation errors. This vulnerability...
Siemens多款产品 信任管理问题漏洞
Siemens Teamcenter is a software application for product lifecycle management developed by Siemens, a German company. Several Siemens products have vulnerabilities related to trust management. These vulnerabilities stem from hardcoded keys used for obfuscation, which could allow attackers to obta...
Nexent 安全漏洞
Nexent is an open-source zero-code AI smart agent automatic generation platform developed by ModelEngine-Group. Version 1.7.5.2 of Nexent contains a security vulnerability. This vulnerability stems from the lack of authentication, authorization, and input validation mechanisms in the DELETE...
Microsoft Message Queuing 资源管理错误漏洞
Microsoft Message Queuing is a solution developed by Microsoft for implementing high-performance asynchronous and synchronous scenarios. There is a resource management vulnerability in Microsoft Message Queuing. The following products and versions are affected: Windows 11 Version 24H2 for...
Subnet Solutions PowerSYSTEM Center 注入漏洞
Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. The Subnet Solutions PowerSYSTEM Center has an injection vulnerability, which stems from CRLF injections during SMTPS communication...
Hewlett Packard Enterprise ArubaOS(HPE ArubaOS) 跨站脚本漏洞
Hewlett Packard Enterprise ArubaOS is a network wireless operating system developed by Hewlett Packard Enterprise. Hewlett Packard Enterprise ArubaOS contains a cross-site scripting vulnerability. This vulnerability stems from vulnerabilities in the web-based management interface, which may allow...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion issue in the ANGLE component. This vulnerability could allow remote attackers who have breached the rendering process ...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Tab Groups component regarding the reuse of resources after release. It could allow remote...
Adobe After Effects 缓冲区错误漏洞
Adobe After Effects is a visual effects and dynamic graphics production software developed by Adobe, Inc. in the United States. This software is primarily used for 2D and 3D compositing, animation creation, and visual special effects. Versions of Adobe After Effects such as 26.0, 25.6.4, and...
Microsoft Excel 安全漏洞
Microsoft Excel is a spreadsheet software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Excel. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Office Online Server...
Microsoft Windows TCP/IP 代码问题漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are code-related vulnerabilities in Microsoft Windows TCP/IP. Attackers can exploit these vulnerabilities to cause system denial-of-service attacks. The followin...
lemur 信任管理问题漏洞
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...
granian 安全漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions of Granian from 0.2.0 to 2.7.4 contain security vulnerabilities. These vulnerabilities occur when the WSGI application returns invalid HTTP response...
granian 输入验证错误漏洞
Granian is a high-performance Python HTTP server developed by Emmett under open source principles, using Rust as the programming language. Versions 1.2.0 to 2.7.4 of Granian contain a vulnerability related to input validation. This vulnerability arises when an unvalidated client sends a WebSocket...
Fides 安全漏洞
Fides is an open-source privacy engineering platform developed by Ethyca, used to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations within code. Versions of Fides from 2.75.0 to 2.83.2 contained security vulnerabilities. These...
requests-hardened 代码问题漏洞
requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory creation API endpoints, which may allow remote...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Version 1.0.0 of mem0 contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization controls in the memory management API endpoints, which may allow remote...
superduper 安全漏洞
Superduper is an open-source database integration AI proxy and application building tool developed by superduper.io. Versions of Superduper prior to v0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the Parseoppart function in the query parsing component, which used t...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that enables rapid generation of training data using weak supervision. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the MultitaskClassifier class’s MultitaskClassifier.load method, whic...
Snorkel 安全漏洞
Snorkel is an open-source system developed by Snorkel that uses weak supervision to quickly generate training data. Versions of Snorkel prior to v0.10.0 contain security vulnerabilities. These vulnerabilities stem from the Trainer class’s Trainer.load method, which uses torch.load to load model...