195539 matches found
Tenda AC6 命令注入漏洞
Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.23 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function formWifiApScan in the httpd component’s file/goform/WifiApScan, which processes parameters...
DeepChat 输入验证错误漏洞
DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from incomplete mitigation measures for CVE-2025-55733. Although the patch correctly...
docuForm FSM Server 跨站脚本漏洞
The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...
JetBrains TeamCity 访问控制错误漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/CloneSite/cloneClient.json.php file displaying the local CloneSite shared key in unvalidate...
Link Preview JS 代码问题漏洞
Link Preview JS is an open-source tool developed by op-engineering for extracting information about web links. Versions of Link Preview JS prior to 4.0.1 contained code vulnerabilities. These vulnerabilities stemmed from the library’s failure to detect IPv6 loop attacks, and DNS attacks that coul...
Wikimedia MediaWiki 信息泄露漏洞
Wikimedia MediaWiki is a web application developed by the Wikimedia Foundation for building Wiki websites. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained an information leakage vulnerability. This vulnerability resulted from sensitive information in the includes/Skin/Skin.Php...
MediaWiki 信息泄露漏洞
MediaWiki is a free and open-source wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. Versions of MediaWiki prior to 1.43.7, 1.44.4, and 1.45.2 contained a vulnerability that led...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Outline 安全漏洞
Outline is an open-source knowledge base developed by Outline. Versions 0.84.0 to 1.6.1 of Outline contain security vulnerabilities. These vulnerabilities stem from a logical error in the use of Array.some for verifying the OAuth scopes. As a result, if any single scope is valid, the entire scope...
Cowlib 注入漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.6.0 of cowlib contains an injection vulnerability. This vulnerability arises from the program’s failure to properly filter CRLF sequences when processing events sent by the server, resulting in SSE...
Audiobookshelf 路径遍历漏洞
Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.2 contained a path traversal vulnerability. This vulnerability stemmed from the podcast creation endpoint accepting user-controlled file paths without adequate boundary...
Barebox 缓冲区错误漏洞
Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained a buffer error vulnerability. This vulnerability stemmed from the dhcpmessagetype function in DHCP option parsing, which did not verify whether the option pointers wer...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from allowing dotenv files in the workspace to override endpoints for Matrix, Mattermost, IRC, and Synology...
EDIMAX BR-6428nS 安全漏洞
The EDIMAX BR-6428nS is a wireless router produced by EDIMAX Corporation. The EDIMAX BR-6428nS V3 1.15 version has a security vulnerability. This vulnerability stems from insufficient input validation in the WLAN configuration function. It allows authenticated attackers to submit malicious inputs...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability that stems from information leakage. This vulnerability allows remote attackers to bypass source checks using specially crafted DNS packets containing information about RFC 7871 client subnets...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from an issue with DNSSEC verification. This vulnerability allows remote attackers to cause denial-of-service attacks through specially crafted DNS packets...
@workos/authkit-session 输入验证错误漏洞
@workos/authkit-session is an open-source session authentication and token management tool developed by WorkOS. Versions of @workos/authkit-session prior to 0.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of the...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by an authorization issue, which could allow applications to access sensitive user data...
GROWI 路径遍历漏洞
GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.5.0 and earlier have a path traversal vulnerability. This vulnerability allows attackers to execute arbitrary EJS templates on the server...
Apache Airflow 日志信息泄露漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 6.5.3, there was a vulnerability...
Wireshark MCP 路径遍历漏洞
Wireshark MCP is a network packet intelligence analysis tool developed by Bpple’s individual developer. Versions of Wireshark MCP 1.1.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the wiresharkexportobjects MCP tool accepting a destdir parameter controlle...
MLflow 路径遍历漏洞
MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLFlow prior to 3.9.0 contained a path traversal vulnerability. This vulnerability...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the WebUI returning complete Python trace details when exceptions were not handled properly. This could allow...
Docling 安全漏洞
Docling is a multi-format document parsing and AI integration tool open-sourced by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.fromstring to parse XML files without disabling entity parsing,...
pgAdmin 4 安全漏洞
pgAdmin 4 is an open-source management and development platform for PostgreSQL, developed by the pgAdmin Project. Versions of pgAdmin 4 prior to 9.15 contained security vulnerabilities. These vulnerabilities were caused by local file inclusion and server-side request forgeing, which could allow...
Docling 安全漏洞
Docling is an open-source multi-format document parsing and AI integration tool developed by the Docling Project. Versions of Docling 2.61.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of etree.parse to parse XML files without disabling entity parsin...
agents 资源管理错误漏洞
Agents is an open-source intelligent agent symbol learning and training framework developed by AIWaves. There is a resource management vulnerability in aiwaves-cn agents, which stems from the recallrelevantmemoriestoworkingmemory function in the core/cat/lookingglass/straycat.py file within the...
microdot 注入漏洞
Microdot is a minimalistic Python web framework developed by Miguel Grinberg. Versions of Microdot prior to 2.6.1 contained an injection vulnerability. This vulnerability stemmed from the Response.setcookie method not properly cleaning the string parameters, which could lead to header injection...
FlashAttention 安全漏洞
FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention, which stems from the checkpoint loading mechanism using torch.load to load checkpoint files without enabling the...
pgAdmin 安全漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained a security vulnerability. This vulnerability stemmed from improper restrictions on authentication attempts, which could allow attackers to bypass...
pgAdmin 代码问题漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had code vulnerabilities related to deserializing unreliable data. These vulnerabilities could allow authenticated users to execute remote code by placing...
pgAdmin SQL注入漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability could allow authenticated users to inject arbitrary commands in the psql copy command, enabling executio...
pgAdmin SQL注入漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...
pgAdmin 跨站脚本漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts, which could allow user-controlled PostgreSQL object names...
GPT PILOT 安全漏洞
GPT PILOT is an open-source AI-driven full-featured application development tool developed by Pythagoras-io. There is a security vulnerability in GPT PILOT, which stems from the Executor.run method accepting free-text input without proper validation. This vulnerability could allow attackers to...
cramfs-tools 路径遍历漏洞
cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools 2.1 and earlier contained a path traversal vulnerability, which originated from a function in the Directory Handler component called dodirectory in the cramfsck.c file, which allowed for...
Zephyr 安全漏洞
Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Apple多款产品 安全漏洞
Apple iOS and other products are owned by the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Flowise 代码问题漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contained code vulnerabilities. These vulnerabilities stemmed from the direct import and invocation of the original HTTP client by multiple tools, without using...
HireFlow 安全漏洞
HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a security vulnerability. This vulnerability stems from the fact that all POST endpoints for state changes do not implement CSRF token verificatio...
Cowlib 注入漏洞
Cowlib is a web protocol message parsing and building library developed by Nine Nines. Version 2.9.0 of cowlib contains an injection vulnerability. This vulnerability stems from the cowcookie:cookie/1 function in cowlib, which constructs client Cookie request headers based on a list of name-value...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Grav 信息泄露漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-rc.2 contained an information leakage vulnerability. This...
Amazon::Credentials 安全特征问题漏洞
Amazon::Credentials is a credential management library developed by BIGFOOT developers, used for managing access keys and authentication information for cloud services. Versions of Amazon::Credentials prior to 1.2.0 had security vulnerabilities. These vulnerabilities stemmed from the use of the...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have security vulnerabilities; these...
WWBN AVideo 访问控制错误漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained an access control vulnerability. This vulnerability stemmed from the objects/users.json.php file exposing unvalidated paths, which could allow attackers to...