195539 matches found
PHP SQL注入漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 have a SQL injection vulnerability. This vulnerability stems from the improper handling of NUL bytes by the PDO Firebird driver when processing SQL queries, which can...
WordPress plugin MStore API 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Picture Gallery 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Canias ERP 命令注入漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a command injection vulnerability. This vulnerability stems from the operation of the...
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the operation of the WifiBasic function in the file/cgi-bin/wireless.cgi regarding the parameters...
WordPress plugin GetPaid 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MiniClaw 命令注入漏洞
MiniClaw is an AI memory and evolution tool developed by a personal developer. Versions 0.8.0 and 0.9.0 of MiniClaw contain command injection vulnerabilities. These vulnerabilities stem from the function resolveSkillScriptPath in the System Command Handler component’s src/kernel.ts file, which...
WordPress plugin Slider by Soliloquy 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Ultimate Product Catalog 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Survey & Poll SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin cab-fare-calculator 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Testimonial Slider and Showcase 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Devs Palace ERP Online 跨站脚本漏洞
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...
Dotouch XproUPF 安全漏洞
Dotouch XproUPF is an intelligent conference tablet device from the Dotouch company, featuring integrated touch display and multimedia interaction capabilities. The Dotouch XproUPF 2.0.0-release-088aa7c4 version contains a security vulnerability. This vulnerability stems from improper access...
WordPress Plugin AccessPress Social Icons 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
memono Notepad 安全漏洞
Memono Notepad is a lightweight note-taking app developed by Memono Corporation, designed for concise recording and text management. Version 4.2 of Memono Notepad contains a security vulnerability. This vulnerability stems from the practice of pasting excessively long characters into note fields,...
ProjectSend 跨站脚本漏洞
ProjectSend cFTP is an open-source set of self-hosted applications based on PHP and MySQL by ProjectSend. Version r1295 of ProjectSend contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the files-edit.php file, which could...
WordPress plugin AAWP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Netroics Blog Posts Grid 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Canias ERP 授权问题漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the parameter clientVersion in the Login...
Rocket LMS 跨站脚本漏洞
Rocket LMS is an educational platform system developed by the American company Rocket, which integrates online course management and learning interaction functions. Version 1.1 of Rocket LMS contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...
WordPress plugin TheCartPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CyberPanel 后置链接漏洞
CyberPanel is a virtual hosting control panel developed by Usman Nasir, which includes DNS and email servers. Version 2.1 of CyberPanel has a post-backlink vulnerability. This vulnerability stems from an issue with the filemanager controller endpoint, where command execution is possible. This cou...
Argus Surveillance Dvr 代码问题漏洞
Argus Surveillance DVR is a general-purpose software for the security mixing platform developed by Argus Surveillance in the United States. It can work simultaneously with wireless and wired IP cameras, TV boards, capture cards, power lines, and USB cameras. Version 4.0 of Argus Surveillance DVR...
WordPress plugin Videos sync PDF 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Devs Palace ERP Online 跨站脚本漏洞
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...
MotoPress Hotel Booking Lite 跨站脚本漏洞
MotoPress Hotel Booking Lite is a hotel booking software developed by MotoPress. Version 4.2.4 of MotoPress Hotel Booking Lite contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw in the accommodation type field, which may allow...
ImpressCMS 代码注入漏洞
ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...
Canias ERP 授权问题漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability; this vulnerability stems from the function...
WordPress plugin Curtain 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack in the function...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function pcfsesssetipv6prefix in the PCF component’s file...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint component, specifically t...
Net-CIDR-Lite 安全漏洞
Net-CIDR-Lite is a Perl module for handling CIDR addresses from the individual developers at Stig. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly handling extra zero characters in CIDR mask values, which could lead to IP ACL bypass...
Catalyst::Plugin::Statsd 安全漏洞
Catalyst::Plugin::Statsd is a plugin module by Robert Rothenberg, an individual developer, for capturing application runtime metrics and sending them to a statistics system. A security vulnerability exists in Catalyst::Plugin::Statsd 0.10.0 and earlier versions, which stems from an unencrypted...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the updateauthorizedpccruleandqos function in the SMF component...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint called...
WordPress plugin IP2Location Country Blocker 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Canias ERP 授权问题漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the operation of the doAction function in...
Drupal avatar_uploader 跨站脚本漏洞
Drupal avatarUploader is an extension developed by Drupal Corporation that provides website users with functionality for uploading and managing avatars. The Drupal avatarUploader 7.x-1.0-beta8 version contains a cross-site scripting vulnerability. This vulnerability stems from improper handling o...
Textpattern CMS 代码问题漏洞
TextPattern CMS is a content management system based on PHP developed by the TextPattern team. Version 4.8.7 of TextPattern CMS has a code vulnerability that stems from a remote code execution flaw in the file upload function. This vulnerability could allow authenticated attackers to execute...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by uBidAuction Company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for the...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...
Evolution CMS 代码注入漏洞
Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...
OpenCart 安全漏洞
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.3.8 of OpenCart has a security vulnerability, which stems from a session fixation vulnerability. This...
Canias ERP 安全漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability. This vulnerability stems from observed differences in the response of the...
Devs Palace ERP Online 跨站脚本漏洞
Devs Palace ERP Online is a cloud-based enterprise resource planning and business management system developed by Devs Palace. Versions of Devs Palace ERP Online 4.0.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from an unknown function in the...
EFM ipTIME A8004T 缓冲区错误漏洞
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T contains a buffer error vulnerability. This vulnerability stems from an stack buffer overflow issue in the formWifiBasicSet function within the file/goform/WifiBasicSe...