195539 matches found
Aero CMS 代码注入漏洞
Aero CMS is a content management system developed by the American company Aero CMS. Version 0.0.1 of Aero CMS has a code injection vulnerability. This vulnerability stems from PHP code injection in the image parameter, which may allow authenticated attackers to execute arbitrary PHP code by...
Sentry 代码注入漏洞
Sentry is an open-source error tracking and performance monitoring platform for developers. Version Sentry 8.2.0 contains a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated superusers to execute arbitrary commands by injecting...
Balbooa Joomla Forms Builder SQL注入漏洞
Balbooa Joomla Forms Builder is a website form building plugin provided by Balbooa Corporation, which offers visual form design and data collection features. Version 2.0.6 of Balbooa Joomla Forms Builder contains an SQL injection vulnerability. This vulnerability stems from an unauthenticated SQL...
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 240425 version has a command injection vulnerability. This vulnerability stems from the OS command injection present in the function advance within the file/cgi-bin/wireless.cgi, when dealing with...
OpenCart 跨站请求伪造漏洞
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.3.7 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the...
OpenCart 跨站请求伪造漏洞
OpenCart is an open-source e-commerce system developed by the OpenCart team in China. This system provides modules for product reviews, product ratings, and product addition. Version 3.0.36 of OpenCart has a cross-site request forgeing vulnerability. This vulnerability stems from the /account/edi...
WordPress Plugin Contact Form to Email 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...
Net-CIDR-Lite 安全漏洞
Net-CIDR-Lite is a Perl module for working with CIDR addresses from Stig Personal Developers. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly validating IP address and CIDR mask input, which could lead to IP ACL bypass...
CMDBuild 跨站脚本漏洞
CMDBuild is an open-source web-based enterprise environment for configuring custom applications for asset management. Version 3.3.2 of CMDBuild contains a cross-site scripting vulnerability. This vulnerability stems from multiple stored-cross-site scripting vulnerabilities, allowing authenticated...
uBidAuction 跨站脚本漏洞
uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for...
PHP 缓冲区错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from certain functions passing signed chars to the ctype function. On systems with default signed cha...
PHP 资源管理错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability stemmed from the object deduplication mechanism in the SOAP extension, which stored pointers to PHP...
WordPress plugin Jetpack 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PHP 缓冲区错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained a buffer error vulnerability. This vulnerability arises when a code name containing a NUL byte is passed to the mbconvertencoding or related mbstring functions. The code...
PHP 代码问题漏洞
PHP is an open-source scripting language executed on the server side. There were code vulnerabilities in versions prior to PHP 8.2.31, 8.3.31, 8.4.21, and 8.5.6. These vulnerabilities stemmed from a flaw where, when the SOAP server was configured with type mapping, incorrect variables were checke...
PHP 安全漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.4.21 and 8.5.6 contained security vulnerabilities. These vulnerabilities stemmed from the DOMNode::C14N method, which might improperly handle XML data, causing a circular linked list to be formed in t...
PHP 缓冲区错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a buffer error vulnerability. This vulnerability stemmed from the use of the metaphone function, which used signed integer variables to track the current...
libexpat 安全漏洞
libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.1 had security vulnerabilities, which stemmed from the computational complexity of attribute name conflict checks. These vulnerabilities could potentially lead to denial-of-service...
PHP 跨站脚本漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 had a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user data, allowing attackers to construct URLs that allowed arbitrary...
XML::LibXML 缓冲区错误漏洞
XML::LibXML is an open-source Perl interface tool developed by CPAN authors for parsing and manipulating XML files. Versions of XML::LibXML 2.0210 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the parsing of XML node names that contained truncated UTF-8 byte...
memono Notepad 安全漏洞
Memono Notepad is a lightweight note-taking app developed by Memono Corporation, designed for concise recording and text management. Version 4.2 of Memono Notepad contains a security vulnerability. This vulnerability stems from the practice of pasting excessively long characters into note fields,...
Canias ERP 授权问题漏洞
Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains an authorization vulnerability. This vulnerability stems from the parameter clientVersion in the Login...
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless printing server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the operation of the wzdrepeater function in the file/cgi-bin/adm.cgi, which handles parameters such as...
JeecgBoot 跨站脚本漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained a cross-site scripting vulnerability. This vulnerability originated from an unknown function in the SVG File Handler component, specifical...
HCL BigFix WebUI 安全漏洞
HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in the HCL BigFix WebUI that stems from improper authorization and could allow authenticated users without Master Operator privileges to access internal data and bypass privilege requirements throu...
Hikvision HikCentral Professional 安全漏洞
Hikvision HikCentral Professional is a professional edition of the AI Cloud-based application management platform designed for edge domains by Hikvision, a Chinese company. Hikvision HikCentral Professional has security vulnerabilities, particularly an access control issue that may allow...
Net::IMAP 安全漏洞
Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.3.10, 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for man-in-the-middle attackers to cause...
Pillow 安全漏洞
Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 11.2.1 to 12.2.0 contained security vulnerabilities. These vulnerabilities were caused by the possibility of a heap buffer overflow when nested lists were passed as coordinates to the API...
Pillow 输入验证错误漏洞
Pillow is an open-source image processing library developed by Pillow. Versions of Pillow prior to 12.2.0 contained a vulnerability related to input validation errors. This vulnerability could lead to integer overflow when the advancement of each character in the font was too large...
PgBouncer 输入验证错误漏洞
PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to PgBouncer 1.25.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from integer overflows in the network packet parsing code, which allowe...
Pelican Command Line 安全漏洞
Pelican Command Line is an open-source federal data client and source service tool developed by the Pelican Platform. Security vulnerabilities exist in versions of Pelican Command Line between 7.21.0 and 7.21.5, 7.22.0 and 7.22.3, 7.23.0 and 7.23.3, and 7.24.0 and 7.24.2. These vulnerabilities st...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the system’s API endpoints leaking license data and installed versions to authenticated users...
EZVIZ APP 安全漏洞
EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...
GrapheneOS 安全漏洞
GrapheneOS is a mobile operating system developed by GrapheneOS Inc. Prior versions of GrapheneOS, including 2026050400, contained security vulnerabilities. These vulnerabilities stemmed from the optimization of the registerQuicConnectionClosePayload function, which could allow attackers to...
Kirby 安全漏洞
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 had security vulnerabilities. These vulnerabilities stemmed from the ability to create, replace, and delete user avatars without restricting user update permissions...
JeecgBoot 授权问题漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown function in the mLogin Endpoint’s file...
Pillow 输入验证错误漏洞
Pillow is an open-source image processing library developed by Pillow. In versions 10.3.0 to 12.2.0, Pillow had a vulnerability related to input validation errors. This vulnerability could lead to memory corruption when processing malicious PSD files, potentially causing crashes or arbitrary code...
Net::IMAP 安全漏洞
Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability arises from the handling of parameters wlchannel/wlPass/EncrypType in the changewifipassword function located in the...
Akaunting 代码问题漏洞
Akaunting is an application software developed by Akaunting Company that provides all the tools needed for online fund management. Version 3.1.21 of Akaunting has a code vulnerability; this vulnerability stems from an unknown processing in the Invoice PDF Rendering component’s config/dompdf.php...
Linkwarden 代码问题漏洞
Linkwarden is a self-hosted collaborative bookmark manager developed by Linkwarden OpenSource. Versions of Linkwarden prior to 2.13.0 had code vulnerabilities. These vulnerabilities stemmed from insufficient URL validation in the fetchTitleAndHeaders function, which only checked the http:// or...
Fess 注入漏洞
Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...
Hikvision多款产品 安全漏洞
Hikvision DS-3E1310P-SI, DS-3E1318P-SI, and DS-3E1326P-SI are all intelligent switch devices from Hikvision, a Chinese company. Several Hikvision products have security vulnerabilities. These vulnerabilities stem from insufficient input validation, allowing authenticated attackers to execute...
liquidjs 安全漏洞
liquidjs is a simple, expressive, secure and Shopify-compatible pure JavaScript template engine by Jun Yang, a personal developer. A security vulnerability exists in liquidjs versions prior to 10.25.7, which stems from a circular block reference that leads to an infinite recursive loop, consuming...
osTicket 跨站请求伪造漏洞
osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Versions of osTicket prior to 1.18.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the handling of the method parameter in the Dispatcher component’s file...
Open5GS 资源管理错误漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a resource management vulnerability. This vulnerability stems from operations performed by the gtpv1urecvcb function in th...
Gibbon 安全漏洞
Gibbon is a school platform developed by the Gibbon team that addresses practical problems encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks. When attempting to extract PHP files...
Gibbon 安全漏洞
Gibbon is a school platform developed by the Gibbon team, designed to address practical problems that educators face every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities stemmed from local file inclusions. By changing the report archive directo...
Bubblewrap 安全漏洞
Bubblewrap is a set of open-source, non-privileged sandbox tools developed by Containers. Versions of Bubblewrap from 0.11.0 to 0.11.2 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to attach to Bubblewrap using setuid mode and control the...