195539 matches found
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient and untrusted input validation in the Updater, which could allow local attackers to...
ISPConfig 跨站脚本漏洞
ISPConfig is a set of open-source host control panels based on Linux by the ISPConfig company. It allows for the management of multiple servers through a web-based control panel, the creation of websites, and the monitoring of server status. Version 3.3.0 of ISPConfig contains a cross-site...
WordPress plugin Publish 2 Ping.fm 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
RedisTimeSeries 安全漏洞
RedisTimeSeries is an open-source time series data structure for Redis. Versions of RedisTimeSeries prior to 1.12.14 have a security vulnerability. This vulnerability stems from the module not properly verifying the serialized values processed via the Redis RESTORE command. Authorized attackers c...
FacturaScripts 安全漏洞
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.92 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the nick parameter in the POST request of the EditUser...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to clear the txrunning flag when canceling TX DMA transfers via the 8250 serial port...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from the uninitialized use of GPU resources, which could allow remote attackers to exploit the system by leaking cross-source dat...
EFM ipTIME NAS1dual 缓冲区错误漏洞
EFM ipTIME NAS1dual is a network-attached storage device produced by the South Korean company EFM. Version 1.5.24 of EFM ipTIME NAS1dual contains a buffer overflow vulnerability. This vulnerability stems from a problem with the function getcsrfwhites in the file /cgi/advanced/miscmain.cgi, which...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation in the Omnibox component, which could allow remote attackers to injec...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient execution of the DirectSockets strategy, which could allow remote attackers to perform...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by type confusion in WebRTC. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially crafted HT...
Google Chrome 信息泄露漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability known as information leakage. This vulnerability originated from improper implementations in the V8 engine, and it could allow remote attackers to obtain potentially...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by GPU integer overflow. This vulnerability could allow remote attackers to execute arbitrary read and write operations through...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after their release in the Audio component, which could allow remote attackers to execute...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by the exposure of Media channel information. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in CORS requests, which could allow remote attackers to bypass the origin...
itsourcecode Courier Management System 注入漏洞
itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a denial-of-service attack in the real-time WebSocket path for voice calls. It was possible for a...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities were due to improper access control in browser snapshots, screenshot generation, and tag routing. As a result,...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...
NagaAgent 路径遍历漏洞
NagaAgent is a 2D AI assistant developed by RTGS2017. It supports streaming tool calls, knowledge graph memory, and voice interactions. Versions of NagaAgent 5.1.0 and earlier have a path traversal vulnerability. This vulnerability stems from the handling of the parameter Name by the Skills...
Masa CMS SQL注入漏洞
Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...
Gotenberg 代码问题漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg 8.30.1 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the default private IP denial-of-service list usin...
Twenty 代码问题漏洞
Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty 1.18.0 and earlier have code vulnerabilities. These vulnerabilities stem from a flaw in the SSRF protection mechanism, which can be bypassed by IPv6 addresses mapped via IPv4. The Node.js URL parser standardizes IPv6...
phoenix 安全漏洞
Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from issues with the check time and usage time in the validateScriptFileForShellBleed function. This could...
PhpSpreadsheet 跨站脚本漏洞
PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. PhpSpreadsheet has a cross-site scripting vulnerability. This vulnerability arises when the HTML Writer skips htmlspecialchars output escaping when using custom number formats that contain ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the failure to reset the register ID after performing the BPFEND operation. This vulnerability m...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of server-side request forgery tactics in the existing session browser interaction routing...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.12 contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the auxiliary support channel; the empty authorization approver list was...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.5 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from permission escalation, allowing write-range operators to modify persistent memory settings. This...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient trust in input validation within the Updater, which could allow local attackers to...
Google Chrome 跨站请求伪造漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site request forgeing vulnerability. This vulnerability stemmed from improper implementation of MHTML, and it could allow remote attackers to leak cross-source data through special...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in SSL, which could allow remote attackers with access to the render...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by improper implementation in Companion. This vulnerability could allow remote attackers to gain operating system-level privileges...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a type confusion in the l2capecredreconfrsp function. This vulnerability may lead to valid packets being...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the Persistent Cache mechanism, which could allow remote attackers with...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the Extensions policy, which could allow remote attackers to bypass autonomous access control...
Bitcoin Core 安全漏洞
Bitcoin Core is an open-source client for verifying the validity of blockchain transactions. There are security vulnerabilities in versions 0.14 to 28.x of Bitcoin Core, and these vulnerabilities stem from security issues, though the details remain undisclosed...
fast-uri 安全漏洞
fast-uri is an open-source, dependency-free RFC 3986 URI parser and toolkit developed by Fastify. Versions of fast-uri 3.1.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the normalize function decoding percent-encoded permission separators within the host...
CoreDNS 资源管理错误漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a resource management vulnerability. This vulnerability stemmed from the lack of size validation for overly large dns query parameters in the DNS-over-HTTPS GET path, which could allow remote...
PaperCut Hive 日志信息泄露漏洞
PaperCut Hive is a cloud-based printing management solution developed by the Australian company PaperCut. PaperCut Hive has a vulnerability related to log information leakage. This vulnerability arises from the recording of plaintext management credentials when the deep logging mode is enabled...
Traccar 安全漏洞
Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. There were...
D-Link DI-8100 缓冲区错误漏洞
The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function tgglasp in the file/tggl.asp within the HTTP...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation by FedCM, which could allow remote attackers to exploit the system by...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in DevTools, allowing attackers who persuade users to install malicious extensions to leak...
Apache Thrift 安全漏洞
Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a security vulnerability, which was caused by an excessive memory allocation size value...
WordPress plugin GenerateBlocks 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...