195539 matches found
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
Apple多款产品 安全漏洞
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...
pyLoad 路径遍历漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained a path traversal vulnerability. This vulnerability stemmed from insufficient cleanup of package folder names, which could lead to path traversal attacks...
WSO2 Identity Server 资源管理错误漏洞
WSO2 Identity Server is an identity authentication server developed by the American company WSO2. There is a resource management vulnerability in WSO2 Identity Server. This vulnerability arises from accepting multiple invalid authentication requests without proper rate limiting or resource contro...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
pyLoad 信任管理问题漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained a trust management vulnerability. This vulnerability stemmed from the fact that the allowlist did not include the general.sslverify option in the setconfigvalue API method. As a resul...
docuForm FSM Server 跨站脚本漏洞
The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...
Cradle eCommerce 跨站脚本漏洞
Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs in HTML output,...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...
WWBN AVideo 代码注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from incomplete mitigation measures for the autoEvalCodeOnHTML evaluation function in YPTSocket, allowin...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function smfnsmfhandlecreateddatainvsmf in the SMF component...
Apple多款产品 安全漏洞
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
WordPress plugin Custom css-js-php 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to version 29 contain code vulnerabilities. These vulnerabilities stem from an unvalidated donation notification Webhook URL, which may allow attackers to access internal or cloud...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the lack of verification of user account status. This vulnerability may allow locked accounts to be successfully authenticated throug...
Vaultwarden 授权问题漏洞
Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden prior to 1.35.5 had an authorization vulnerability. This vulnerability stemmed from a lack of enforcement that ensured that the groupsusers.usersorganizationsuuid entry...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities originate from the ogsnnrfnfmhandlenfprofile function in the...
Apple多款产品 安全漏洞
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Grav 安全漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained security vulnerabilities. These vulnerabilities...
Grav 代码注入漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a code injection vulnerability. This vulnerabili...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.20 contained security vulnerabilities. These vulnerabilities were caused by incorrect message classification in the Feixi Card operation callback, which could allow attackers to...
Tookie-OSINT 路径遍历漏洞
Tookie-OSINT is a cross-platform username discovery tool developed by Alfredredbird. Versions prior to Tookie-OSINT 4.1fix contained a path traversal vulnerability. This vulnerability stemmed from the use of user-input directly as file names in the auxiliary functions writetxt, writecsv, writejso...
D-Link DNS-320 命令注入漏洞
The D-Link DNS-320 is a NAS Network Attached Storage device produced by D-Link Corporation. The D-Link DNS-320 version 2.06B01 has a command injection vulnerability. This vulnerability stems from functions in the file /cgi-bin/networkmgr.cgi, namely...
Binaryen 安全漏洞
Binaryen is a WebAssembly open-source compiler framework and toolchain library written in C++. There are security vulnerabilities in Binaryen 117 and earlier versions, which stem from a reach assertion issue in the IRBuilder::makeBrOn function in the BrOn Parser component...
bitwarden 安全漏洞
Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, allowing users of the provider service to add any organization a...
WeGIA 信息泄露漏洞
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained an information leakage vulnerability. This vulnerability stemmed from the overly detailed error messages displayed by atendido/familiardocfamiliar.php, which could lead to...
docuForm FSM Server 代码问题漏洞
The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a code vulnerability caused by arbitrary file upload support in the pmupdate.p...
MinIO 路径遍历漏洞
MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO from RELEASE.2022-07-24T01-54-52Z to RELEASE.2026-04-14T21-32-45Z had a pa...
docuForm FSM Server 跨站脚本漏洞
The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions of Apple iOS before 18.7.7, as well as versions before 26.4,...
HireFlow 安全漏洞
HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the direct concatenation of user inputs into SQL queries through endpoints like /login and...
Wellbia XIGNCODE3 安全漏洞
Wellbia XIGNCODE3 is a client-side anti-cheat solution for online gaming security provided by the South Korean company Wellbia. There is a security vulnerability in Wellbia XIGNCODE3, which stems from providing access to the IRPMJREITS command interface. This allows any user process to request...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities. These vulnerabilities stem from issues with state handling, which may allow...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There is a security vulnerability in Apple macOS, which stems from issues with path processing logic, potentially allowing applications to access unprotected user data. The following versions...
WebDyne::Session 安全特征问题漏洞
WebDyne::Session is a server-side component developed by ASPEER’s individual developers, used for session management in web applications. Versions of WebDyne::Session 2.075 and earlier contained security vulnerabilities. These vulnerabilities stemmed from insecure session ID generation. The sessi...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
docuForm FSM Server 安全漏洞
The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The docuForm FSM Server version 11.11c contains a security vulnerability, which stems from directory traversal attacks. This...
Grav CMS 安全漏洞
Grav CMS is an open-source file-based content management system developed by Grav. Versions of Grav CMS prior to 1.0.0-beta.15 contained security vulnerabilities. These vulnerabilities were caused by insecure direct object references and logical flaws, which could allow authenticated users to...
QuickJS 安全漏洞
QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. Version 0.12.1 of QuickJS contains a security vulnerability, which stems from a problem with the jsmappedargumentsmark function. This vulnerability could allow attackers to execute arbitrary code...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from heap-based out-of-bound reads during DNSSEC verification. This vulnerability allows remote attackers to cause denial-of-service attacks through specially crafted DNS packets...
libcaca 安全漏洞
libcaca is an open-source software library developed by cacalabs. It allows for converting images into color ASCII art. Versions of libcaca 0.99.beta20 and earlier contain security vulnerabilities. These vulnerabilities stem from integer overflows in the canvas import function. Attackers could...
pyLoad 路径遍历漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained a path traversal vulnerability. This vulnerability stemmed from the uncleaned folder names in the setpackagedata API function, which could allow users with Perms.MODIFY permissions to...
WSO2多款产品 安全漏洞
WSO2 API Manager, among others, are products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 API Control Plane is a control panel. WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 products have securi...
DeepChat 跨站脚本漏洞
DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the discrepancy between the backend validation layer and the front-end browser rendering engin...
CosyVoice 安全漏洞
CosyVoice is an open-source voice generation and AI voice cloning platform developed by FunAudioLLM. There was a security vulnerability in the previous version of CosyVoice. This vulnerability stemmed from the model loading component using torch.load to load model weight files without enabling th...
alien-freeimage 安全漏洞
alien-freeimage is a development file auxiliary module developed by the KMX individual developer for building and installing the FreeImage library. Versions of alien-freeimage 1.001 and earlier contain security vulnerabilities, which stem from the inclusion of multiple libraries that have known...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by an issue with permission checks, which could allow malicious applications to access arbitrary files...