195539 matches found
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...
Microsoft Windows Kerberos 异常处理不当漏洞
Microsoft Windows Kerberos is a software developed by Microsoft for authentication in network clusters. As a network authentication protocol, its primary goal is to provide robust authentication services for client/server applications through a key system. There are code-related vulnerabilities i...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing features such as cross-device collaboration, intelligent connectivity, and secure operation environments. The print module of Huawei HarmonyOS has a permission control vulnerability, which stems...
Microsoft Visual Studio Code 路径遍历漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. There are security vulnerabilities in Microsoft Visual Studio Code. Attackers can exploit these vulnerabilities to alter information...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Microsoft Windows NT OS Kernel 缓冲区错误漏洞
The Microsoft Windows NT OS Kernel is the core of the Windows operating system developed by Microsoft Corporation. It is responsible for managing system resources, providing hardware abstraction, and ensuring system security and stability. There are security vulnerabilities in the Microsoft Windo...
Microsoft Office Excel 数字错误漏洞
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...
WordPress plugin Global Body Mass Index Calculator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Windows Universal Disk Format File System Driver 缓冲区错误漏洞
The Microsoft Windows Universal Disk Format File System Driver is an open-source Windows file system driver developed by Microsoft. There is a security vulnerability in the Microsoft Windows Universal Disk Format File System Driver, which may allow authorized attackers to gain local privileges...
Microsoft Windows Performance Monitor 后置链接漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. Microsoft Windows has a post-release link vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows 10 Version 18...
Microsoft Windows NT OS Kernel 数字错误漏洞
The Microsoft Windows NT OS Kernel is the core of the Windows operating system developed by Microsoft Corporation. It is responsible for managing system resources, providing hardware abstraction, and ensuring system security and stability. There is an input validation vulnerability present in the...
NETGEAR多款产品 安全漏洞
NETGEAR Rax35 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have security vulnerabilities, which stem from inadequate configuration management. This vulnerability could allow administrators who are connected to the local network to tamper with the system...
Apache Answer 代码问题漏洞
Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier had code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on the upload of dangerous types of files. The server did not properly verify the...
GPAC MP4Box 安全漏洞
GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a security vulnerability...
SEMCMS 跨站请求伪造漏洞
SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a cross-site request forgeing vulnerability, which stems from improper handling of POST requests directed to /admin/semcmsuser.php. This vulnerability may lea...
Spring Framework 授权问题漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework contain authorization vulnerabilities. These vulnerabilities stem from the WebFlux application,...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
WordPress plugin Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
WordPress plugin WPForms 安全漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
QNAP QTS 缓冲区错误漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are both products of QNAP Systems Corporation. QNAP Systems QTS is an entry-level operating system. QNAP Systems QuTS hero is another operating system. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities...
WordPress plugin jQuery Hover Footnotes 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Adobe Experience Manager Forms 跨站脚本漏洞
Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integrated analysis. The Adobe Experience...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Dreamweaver Desktop 输入验证错误漏洞
Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier have a vulnerability related to input validation. This vulnerability arises due to improper input validation, whic...
WordPress plugin kk blog card 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. This platform allows for the creation of personal blogs on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions of...
Adobe ColdFusion 输入验证错误漏洞
Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have a vulnerability related to input validation...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Windows Performance Monitor 数字错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a vulnerability in input validation of Microsoft Windows. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 11...
Ellucian Banner Self-Service 跨站脚本漏洞
Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the course search function not being...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Microsoft Windows 安全漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...
WordPress plugin AJAX Report Comments 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Spring Framework 安全漏洞
The Spring Framework is an application development framework developed by Spring in a open-source manner. There are security vulnerabilities in Spring Framework versions 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier. These vulnerabilities stem from the SpEL...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
Tenda W20E 安全漏洞
Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...
WordPress plugin PICA Photo Gallery SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
Microsoft Windows Network Controller (NC) 资源管理错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers have exploited this vulnerability, causing a denial-of-service attack on the system. The following products and version...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft DWM Core Library 缓冲区错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a vulnerability in input validation of the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
WordPress plugin WP-Ultimate-Map 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...
Adobe InDesign Desktop 安全漏洞
Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...
Adobe Format Plugins 安全漏洞
Adobe Format Plugins is a format plugin developed by Adobe Inc. Versions of Adobe Format Plugins prior to 1.1.2 contained security vulnerabilities; these vulnerabilities were caused by heap buffer overflows, which could allow arbitrary code to be executed in the current user environment...
Red Hat 389 Directory Server 缓冲区错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server. This vulnerability stems from the checkPrefix function in the pw.c module, which copies the algorithm ID...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office, which stems from a heap buff...
OSCAL-GUI 跨站脚本漏洞
OSCAL-GUI is a graphical interface tool developed by OSCAL Corporation for creating, editing, viewing, and managing OSCAL compliance data models. OSCAL-GUI has a cross-site scripting vulnerability. This vulnerability stems from the fact that the project request parameters values in oscal-forms.ph...
TYPO3 CMS 路径遍历漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source project. Versions of TYPO3 CMS prior to 10.4.57, as well as versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3, have a path traversal vulnerability. This vulnerability stems from the...
TOTOLINK EX200 安全漏洞
TOTOLINK EX200 is a 2.4G wireless N range extender from TOTOLINK Corporation. It is designed to expand the coverage of an existing Wi-Fi network. The TOTOLINK EX200 version 4.0.3c.7646 contains a security vulnerability. This vulnerability stems from a minor permission violation in the vsftpd.conf...