195539 matches found
Microsoft Azure Cloud Shell 命令注入漏洞
Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a command injection vulnerability in Microsoft Azure Cloud Shell, which stems from improper neutralization of special elements in commands. This vulnerability could allow...
inngest-js 信息泄露漏洞
Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...
Query String Parser 安全漏洞
Query String Parser is a JavaScript tool for parsing query strings developed by Victor Teo. Version 1.0.0 of Query String Parser has a security vulnerability. This vulnerability arises from improper cleaning of query parameters provided by users and their merging into newly created objects, which...
PJSIP 信任管理问题漏洞
PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP version 2.17, there were vulnerabilities related to trust management. These vulnerabilities...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Version CI4MS 0.31.4.0 contains a cross-site scripting vulnerability. This vulnerability arises from the backup module’s filename field allowing XSS payloads to be hidden through SQL file tampering, potentially leading to full...
parse-ini 安全漏洞
parse-ini is a INI configuration file parsing library developed by the individual developer at pein-consulting.de. Version 1.0.6 of parse-ini contains a security vulnerability, which stems from prototype pollution in the index.js file...
LibreOffice 缓冲区错误漏洞
LibreOffice is a set of open-source office software products developed by The Document Foundation. Versions of LibreOffice between 26.2 and 26.2.3, as well as 25.8 and 25.8.7, contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds writing when processing specially...
Mozilla Firefox和Mozilla Firefox ESR 资源管理错误漏洞
Mozilla Firefox and Mozilla Firefox ESR are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Both Mozilla Firefox and Mozilla Firefox ESR have a resource management...
Admidio 授权问题漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was an authorization vulnerability. This vulnerability stemmed...
Admidio 跨站脚本漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site scripting vulnerability. This vulnerability...
OpenStack Cyborg 安全漏洞
OpenStack Cyborg is an open-source acceleration resource management and scheduling service component for OpenStack. Versions of OpenStack Cyborg prior to 16.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of rule:allow as the default policy for multiple API...
OpenStack Cyborg 安全漏洞
OpenStack Cyborg is an open-source acceleration resource management and scheduling service component of OpenStack. Versions of OpenStack Cyborg prior to 16.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the accelerator request API did not enforce project...
Dagster SQL注入漏洞
Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...
CLI Proxy API 代码问题漏洞
CLI Proxy API is an open-source CLI proxy server developed by Router-For.ME, which supports multi-model APIs. Version 6.9.29 of the CLI Proxy API has a code vulnerability that stems from the handling of the url parameter in the file internal/api/handlers/management/apitools.go. This vulnerability...
Yarbo 信任管理问题漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...
WordPress plugin Forminator Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Admidio 数据伪造问题漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a data manipulation vulnerability. This vulnerability stemm...
Yarbo 安全漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a security vulnerability. This vulnerability stems from a hidden persistent backdoor, which may allow unauthorized, remote access with weak authentication to...
n8n-MCP 代码问题漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. There are code vulnerabilities in versions 2.47.4 to 2.47.13 of n8n-MCP. These vulnerabilities stem from the fact that the SSRFRProtection.validateUrlSync URL verifier does not check IPv6...
mathjs 安全漏洞
MathJS is an extension library for JavaScript and Node.js developed by Jos de Jong. It includes a flexible expression parser, offering integrated solutions for handling numbers, large numbers, complex numbers, units, matrices, etc. Versions of MathJS from 13.1.0 to 15.2.0 had security...
PHPGurukul Hospital Management System 跨站脚本漏洞
PHPGurukul Hospital Management System is a hospital management system developed by PHPGurukul company, based on PHP and MySQL technologies. The PHPGurukul Hospital Management System v4.0 version has a cross-site scripting vulnerability. This vulnerability stems from the...
ChestnutCMS 安全漏洞
ChestnutCMS is an enterprise-level content management system developed by liweiyi, featuring a front-end and back-end separation. Version 1.5.10 of ChestnutCMS contains a security vulnerability. This vulnerability stems from the fact that the content parameter of the cmscontent tag can be...
VINCE 安全漏洞
VINCE is an open-source CERT coordination center developed and used by the U.S. CERT Coordination Center. It serves as a platform for improving vulnerability disclosure efforts. Versions of VINCE prior to 3.0.38 contained security vulnerabilities. These vulnerabilities were caused by code...
monetr 安全漏洞
Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.5 contained a security vulnerability. This vulnerability stemmed from server-side request forgeing in the Lunch Flow integration, which could allow authenticated users to send HTT...
Nocobase SQL注入漏洞
Nocobase is an open-source low-code platform developed by NocoBase. Versions of Nocobase prior to 2.0.39 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of checkSQL validation for the sqlCollection:update endpoint, which could allow attackers with collection...
CI4MS 输入验证错误漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. In versions 0.31.1.0 to 0.31.8.0 of CI4MS, there was a vulnerability related to input validation errors. This vulnerability stemmed from the deleteProcess operation not verifying whether the table name in the POST parameter...
Ivanti EPMM 访问控制错误漏洞
Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained an access control vulnerability. This vulnerability...
WordPress plugin BEAR 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
ZTE Cloud PC client uSmartView 代码问题漏洞
ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. There is a code vulnerability in ZTE Cloud PC client uSmartView, which stems from a DLL hijacking vulnerability. Since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful...
Wallos 代码问题漏洞
Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos 4.8.4 and earlier contained code vulnerabilities due to incomplete SSRF protections. The vulnerability arises from the use of gethostbyname to verify the Webhook URL without utilizing the...
Saltcorn 输入验证错误漏洞
Saltcorn is an open-source, scalable, and code-free database application builder developed by Saltcorn developers. Vulnerabilities existed in versions prior to Saltcorn 1.4.6, 1.5.6, and 1.6.0-beta.5, due to input validation errors. These vulnerabilities stemmed from the dest parameter validation...
Notepad Next 代码注入漏洞
Notepad Next is a notepad software developed by dail8859. Versions of Notepad Next prior to 0.14 contained a code injection vulnerability. This vulnerability stemmed from the detectLanguageFromExtension function, which directly inserted file extensions into Lua scripts without proper cleanup. Thi...
Proticaret E-Commerce 跨站脚本漏洞
Proticaret E-Commerce is an online store and e-commerce management platform owned by Proticaret Company in Turkey. Versions of Proticaret E-Commerce from 5.0.0 to 6.0.1767.1383 had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, whi...
MongoDB Server 代码问题漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. Versions of MongoDB Server prior to 8.2 and 8.2.7 contained code vulnerabilities...
WordPress plugin WPGraphQL 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
GDAL 缓冲区错误漏洞
GDAL is an open-source geospatial data abstraction library developed by GDAL. Versions of GDAL 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from the operation of the parameter DataFieldName in the function GDnentries within the file...
OSGeo gdal 缓冲区错误漏洞
OSGeo GDAL is an open-source geospatial raster and vector data processing library developed by OSGeo. OSGeo GDAL versions 3.13.0dev-4 and earlier contain a buffer error vulnerability. This vulnerability stems from a function called memmove in the frmts/hdf4/hdf-eos/SWapi.c file, which is part of...
OpenEXR 输入验证错误漏洞
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. There is a input validation vulnerability in OpenEXR, which stems from integer overflows in the ImageChannel::resize function, leading to out-of-bounds write operations on the...
OpenEXR 缓冲区错误漏洞
OpenEXR is an open standard for high dynamic range image HDR file format, open-sourced by the Academy Software Foundation. Versions of OpenEXR from 3.0.0 to 3.2.9, 3.3.0 to 3.3.11, and 3.4.0 to 3.4.11 contain a buffer error vulnerability. This vulnerability arises from the IDManifest::init...
Admidio 代码问题漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 had code vulnerabilities. These vulnerabilities stemmed fr...
Incus 代码问题漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained code vulnerabilities due to lack of error handling. These vulnerabilities could allow authenticated users to cause the daemon process to crash by importing truncated backup files...
Vvveb 安全漏洞
Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from information leaks in the cron controller, which could allow...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from writing two files with predictable names in the system’s temporary directory...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from incorrect escaping of URLs in the content attribute of meta tags, potentially leadin...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which causes a crash on Windows when NUL characters are entered...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from not considering ParseQuery’s limitation on the total number of query parameters. Thi...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when the script tag contains an empty type attribute or a type attribute containing an...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of cleanup of output file names. When extracting malicious archive files, t...
GitHub Enterprise Server 访问控制错误漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was an access control...
GitPython 参数注入漏洞
GitPython is a Python library developed by gitpython-developers, designed for interacting with Git repositories. Versions of GitPython prior to 3.1.47 contained a parameter injection vulnerability. This vulnerability stemmed from the use of clone to validate multioptions, followed by the executio...