195539 matches found
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.15 contained a path traversal vulnerability. This vulnerability stemmed from the webchat audio embedding assistant’s failure to apply a check for the inclusion of the local medi...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypass in the Control UI bootstrapping endpoint, allowing unauthenticated attackers to...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.5 to 2026.4.20 contained a security vulnerability. This vulnerability was caused by environmental variable injection, which could lead to the dotenv workspace overriding...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.21 contained security vulnerabilities. These vulnerabilities were caused by an authorization bypass in the command-auth.ts file, which allowed unauthorized senders to bypass the...
Zen 安全漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contain security vulnerabilities. These vulnerabilities arise from the address bar incorrectly truncating long hostnames and displaying only the subdomain prefix controlled by the attacker, which may le...
Zen 输入验证错误漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contained a vulnerability related to input validation errors. This vulnerability stemmed from project links in RSS subscriptions not being restricted by http or https, which could lead to security risks...
Neat VNC 安全漏洞
Neat VNC is a freely licensed VNC server library developed by Andri Yngvason. Versions of Neat VNC prior to 0.9.6 contained security vulnerabilities. These vulnerabilities stemmed from a buffer overflow in the RSA-AES security processor, which could allow unauthenticated remote attackers to cause...
Open edX Platform 代码问题漏洞
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has code vulnerabilities that stem from the syncproviderdata endpoint in the...
Open edX Platform 跨站脚本漏洞
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has a cross-site scripting vulnerability. This vulnerability arises from the...
Network-AI 访问控制错误漏洞
Network-AI is a multi-agent orchestration and governance tool developed by Jovan Marinovic. Versions prior to Network-AI 5.1.3 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication, session, source, or token checks for JSON-RPC tool calls transmitte...
Taiga 跨站脚本漏洞
Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...
Grav 跨站脚本漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Prior to Grav 9.1.0, there was a cross-site scripting vulnerability. This vulnerability stemmed...
Official Clerk JavaScript SDKs 代码问题漏洞
The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the yuarelparse function in the /lib/sbi/conv.c library, which...
angular-expressions 安全漏洞
Angular-Expressions is an expression compilation and evaluation tool developed by Peerigon. Versions of Angular-Expressions prior to 1.5.2 contained a security vulnerability. This vulnerability allowed attackers to write malicious expressions using filters to escape the sandbox, potentially...
Corteza SQL注入漏洞
Corteza is an open-source low-code platform developed by the Corteza Project, designed for quickly building CRM, business processes, and structured data applications. The Corteza 2024.9.8 version contains a SQL injection vulnerability. This vulnerability arises from the SQL injection vulnerabilit...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions prior to Wagtail 7.0.7, 7.3.2, and 7.4 contain security vulnerabilities. These vulnerabilities stem from the ability of CMS users to access revised versions of pages through the revision comparison view, which...
Grav 跨站脚本漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a cross-site scripting vulnerability. This...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities originate from the smfnsmfhandleupdatedatainvsmf function in the...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities; these vulnerabilities stem from the function OpenAPIlistcreate in the SMF component, which may...
SQUIRREL 缓冲区错误漏洞
SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a stack buffer overflow in the validateformat function within the sqstdlib/sqstdstring.cpp librar...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a null pointer dereferencing in the smfnsmfhandlecreatedatainhsm...
Microsoft Azure Data Explorer Kafka Connect Kusto Sink Connector 安全漏洞
The Microsoft Azure Data Explorer Kafka Connect Kusto Sink Connector is an open-source Kafka data synchronization connector to Azure Big Data Analysis databases. Versions of the Kusto Sink Connector prior to version 5.2.3 have security vulnerabilities. These vulnerabilities stem from uncleaned...
Grav-Plugin-Admin 跨站脚本漏洞
Grav-Plugin-Admin is an administrative plugin developed by Grav, an open-source project. It is used to configure Grav pages. Versions of Grav-Plugin-Admin prior to 1.10.49.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper validation and cleaning of the...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the document and image APIs incorrectly listing items within private collections, potentially...
Grav 安全漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...
ATutor 跨站脚本漏洞
ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...
bettercap 数字错误漏洞
Bettercap is an open-source framework for network attacks and security testing developed by Bettercap. Versions of Bettercap 2.41.5 and earlier contained a numerical error vulnerability. This vulnerability stemmed from an integer coercion conversion error in the ippReadChunkedBody function within...
bettercap 数字错误漏洞
Bettercap is an open-source framework for network attacks and security testing developed by Bettercap. Versions of Bettercap 2.41.5 and earlier contain a numerical error vulnerability. This vulnerability stems from an unknown function in the modules/mysqlserver/mysqlserver.go file of the MySQL...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities; these vulnerabilities stem from the smf component’s ogsnasparseqosrules function, which may lead...
SQUIRREL 缓冲区错误漏洞
SQUIRREL is a programming language developed by Alberto Demichelis. It is the stable version of SQUIRREL 3.2. Versions of SQUIRREL 3.2 and earlier had a buffer error vulnerability, which stemmed from a heap buffer overflow in the function SQFunctionProto::Load located in the file...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Grav CMS 安全漏洞
Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS prior to 9.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of path stripping during file uploads and the failure to strictly prevent the extension of page...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from a denial-of-service issue and may allow applications to modify protected parts of the file system. The following versions are...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from a buffer overflow in the extractaddresses function. This vulnerability allows attackers to trigger heap-based out-of-bounds reads by exploiting malformed DNS responses, causing a...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function smfnsmfhandlecreatesmcontext in the SMF component,...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions prior to Apple iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadO...
Cradle eCommerce 跨站脚本漏洞
Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs at endpoints/product...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...
Crabbox 安全漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from a certification bypass in the coordinator’s user token verification process. The...
Crabbox 路径遍历漏洞
Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path resolution in the Islo provider’s workspace, allowing attackers to provide...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley individually. DNSmasq has a security vulnerability, which stems from heap-based out-of-bound writes in the DHCPv6 implementation. This vulnerability allows local attackers to execute arbitrary code with root privileges using specially...
Audiobookshelf 跨站脚本漏洞
Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.33.0 had a cross-site scripting vulnerability. This vulnerability occurred due to the login page not properly cleaning the authLoginCustomMessage field, allowing for...
Wagtail 安全漏洞
Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...
HireFlow 安全漏洞
HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the lack of object-level authorization for the /candidate/ and /interview/ endpoints. As a...
Meari Alibaba OSS 安全漏洞
Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...
CPython 安全特征问题漏洞
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security feature vulnerability, which stems from insufficient entropy in Expat hash flood protection mechanisms. This vulnerability may allow specially crafted XML documents to trigger a hash flood...
Cockpit 操作系统命令注入漏洞
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Cockpit has a vulnerability related to operating system command injection. This vulnerability stems from the lack of cleaning of user-controlled parameters in the system log user interface. This allows remote...
Dell ECS和Dell ObjectScale 安全漏洞
Dell ECS and Dell ObjectScale are both products of the American company Dell. Dell ECS is an extensible, manageable, and elastic enterprise-level object storage solution. Dell ObjectScale is an object storage platform. There were security vulnerabilities in versions 3.8.1.0 to 3.8.1.7 of Dell ECS...
MLflow 代码问题漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLflow prior to 3.9.0 contained code vulnerabilities. These vulnerabilities stemmed fr...