195539 matches found
Microsoft Windows Performance Monitor 数字错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Performance Monitor has a numerical error vulnerability. Attackers can exploit this vulnerability to execute code. The following products and versions are affected: Windows 1...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function skbgroreceive, which does not check the zero-copy status during the copy of frags,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability arises from the vgicitsinvalidatecache function, which incorrectly places an iteration pointer ...
ARM CPU 竞争条件问题漏洞
The ARM CPU is a series of central processing units developed by the British company ARM. The ARM CPU has a race condition vulnerability, which arises from the possibility of writing to resources with higher exception levels. The following products are affected: C1-Ultra, C1-Premium, Neoverse V3,...
Adobe InDesign Desktop 安全漏洞
Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have security vulnerabilities. These vulnerabilities stem from stack buffer overflow exploits, which may allow arbitrary...
FreeSWITCH 授权问题漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was an...
WordPress plugin KittyCatfish SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There is a code injection vulnerability in Microsoft Exchange Server. Attackers can explo...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the wewifiWhiteUserInfo parameter within the formAddWewifiWhiteUser function. It may allow...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from...
WordPress plugin FV Flowplayer Video Player 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a...
Microsoft PC Manager 后置链接漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has a post-release link vulnerability. Attackers can...
Adobe Acrobat Reader 安全漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have security vulnerabilities. These...
Microsoft Remote Desktop Client 缓冲区错误漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version...
SQLFluff 安全漏洞
SQLFluff is an open-source SQL linter that features flexible and configurable syntax. Versions of SQLFluff prior to 4.1.0 contained a security vulnerability. This vulnerability stemmed from the parser’s improper handling of maliciously overly nested SQL queries, which could lead to resource...
NETGEAR多款产品 输入验证错误漏洞
NETGEAR Rax35 and other wireless routers are products of NETGEAR Corporation. Several NETGEAR products have a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators who are connected to the local network to tamper wit...
bookcars 安全漏洞
BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from the/api/create-car-image component, which has a vulnerability related to arbitrary file uploads. This could allow attackers to execute...
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue driver developed by Microsoft for Winsock. This driver contains a vulnerability known as a race condition. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the macAddr parameter of the formDelStaState function, which could allow attackers to cause...
degit 操作系统命令注入漏洞
Degit is a tool developed by Rich Harris as a quick replication mechanism for Git repositories. Versions of degit prior to 2.8.6, as well as versions 3.0.0 to 3.3.1, contained an operating system command injection vulnerability. This vulnerability stemmed from improper handling of user input for...
Microsoft Windows Push Notifications 信息泄露漏洞
Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. However, Microsoft Windows Push Notifications has information leakage vulnerabilities. Attackers can exploit these vulnerabilities to obtain...
Taier 授权问题漏洞
Taier is a distributed scheduling system open source by DTStack. It aims to reduce the costs of ETL processes, clarify complex dependencies between tasks, and lower labor costs related to submission, scheduling, and operations. Versions of Taier 1.4.0 and earlier have vulnerabilities related to...
Microsoft Visual Studio Code 日志信息泄露漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to information leakage. Attackers can exploit this vulnerability to obtain sensitive information...
Microsoft Windows Deployment Services 资源管理错误漏洞
Microsoft Windows Deployment Services are a container for Windows deployment services an updated and redesigned version of Remote Installation Services RIS provided by Microsoft Corporation. These services allow for the setup of new computers through network-based unattended installations...
bookcars 安全漏洞
BookCars is a car rental management platform developed by Akram El Assas. Version 8.3 of BookCars contains a security vulnerability. This vulnerability stems from an insecure authentication mechanism in the/api/social-sign-in endpoint, which could allow attackers to bypass authentication using...
Huawei HarmonyOS 资源管理错误漏洞
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There is a resource management vulnerability in HUAWEI HarmonyOS, which stems from a race condition in the IPC module and may...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Spring Framework 跨站脚本漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 have cross-site scripting vulnerabilities. These vulnerabilities stem from improper escaping of...
Apptha Slider Gallery 路径遍历漏洞
Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery contains a path traversal vulnerability. This vulnerability stems from improper handling of the imgname parameter, which may allow unauthenticated...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper handling of file backend mounting by the erofs file system. This issue may allow I/O...
Svelte 安全漏洞
Svelte is an open-source approach to building web applications. Versions of Svelte from 5.51.5 to 5.55.7 contained a security vulnerability. This vulnerability stemmed from the exponential increase in time taken for internal regular expression tests, which could lead to denial-of-service attacks...
Microsoft Windows Secure Boot 软件供应链问题漏洞
Microsoft Windows Secure Boot is a security boot mechanism developed by Microsoft Corporation. There are security vulnerabilities associated with Microsoft Windows Secure Boot. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are affected...
Tenda G0 安全漏洞
Tenda G0 is a router produced by the Chinese company Tenda. The version 15.11.0.5 of Tenda G0 contains a security vulnerability. This vulnerability stems from a stack overflow issue in the picCropName parameter within the formCropAndSetWewifiPic function. It may allow attackers to cause...
Adobe InDesign Desktop 代码问题漏洞
Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have code vulnerabilities. These vulnerabilities stem from null pointer dereferencing issues, which can lead to applicatio...
GPAC MP4Box 处理逻辑错误漏洞
GPAC is an open-source multimedia framework developed by GPAC. Version 2.4 of GPAC contains a security vulnerability. This vulnerability stems from a floating-point exception in the gfopusparsepacketheader function, which could allow attackers to cause denial-of-service attacks through specially...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E version 15.11.0.10 has a buffer overflow vulnerability. This vulnerability stems from the faulty handling of the gotoUrl parameter in the formPortalAuth function, which fails to properly validate the length ...
Huawei HarmonyOS 授权问题漏洞
Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There are vulnerabilities related to authorization in HUAWEI HarmonyOS. These vulnerabilities stem from the permission control...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Microsoft Windows TCP/IP 缓冲区错误漏洞
Microsoft Windows TCP/IP is a component provided by Microsoft Corporation that offers TCP/IP configuration functions for Windows. There are security vulnerabilities associated with Microsoft Windows TCP/IP. The following products and versions are affected: Windows Server 2022, Windows 11 Version...
Microsoft Exchange Server 跨站脚本漏洞
Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers utilize thi...
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...
Adobe Acrobat Reader 缓冲区错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a buffer error vulnerability. This...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Office Word 缓冲区错误漏洞
Microsoft Office Word is a word processing software developed by Microsoft and open sourced. There are security vulnerabilities in Microsoft Office Word. Attackers can exploit these vulnerabilities to obtain sensitive information. The following products and versions are affected: Microsoft 365 Ap...
Microsoft Office 资源管理错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office, which stems from a heap buff...