195539 matches found
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.3.22 to 2026.4.5 contained a security vulnerability. This vulnerability stemmed from the handling of symbolic link traversal in remote market repository paths, which could allow...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in DevTools, which could allow attackers who persuade users to install malicious extensions to...
Google Chrome 竞争条件问题漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a race condition vulnerability, which was caused by shared storage race conditions. This vulnerability could allow remote attackers to exploit the system by exploiting specially...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of passwords after they were released, which could allow remote attackers to execute arbitrary code...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...
Nix 安全漏洞
Nix is a package manager developed by Nix itself. Versions of Nix prior to 2.34.7 contained a security vulnerability. This vulnerability stemmed from directory traversal attacks using the nix-prefetch-url --unpack or nix store prefetch-file --unpack commands, allowing access to and writing...
WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the Views component, which could allow...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.7 to 2026.4.14 contains security vulnerabilities. These vulnerabilities stem from a logic that downgrades the heartbeat owner, causing it to skip Webhook wake-up events carrying...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after the Navigation object was released, which could allow remote attackers to execute a...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of DevTools policies, which could allow local attackers to escalate their privileges...
openmrs-core 路径遍历漏洞
OpenMRS-core is an open-source electronic medical record system developed by OpenMRS. OpenMRS-core has a path traversal vulnerability. This vulnerability stems from the getFile method in ModuleResourcesServlet, which does not validate path boundaries. As a result, unauthorized attackers may be ab...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in DevTools, which could allow remote attackers to exploit cross-source da...
MCP Docusaurus Toolkit 路径遍历漏洞
MCP Docusaurus Toolkit is a documentation management and semantic search platform developed by Bucamp Axle’s individual developers. The MCP Docusaurus Toolkit has a path traversal vulnerability, which stems from the operations on the parameter DOCSDIR/path in the functions updatedocument,...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in Mobile mode, which could allow local attackers to inject arbitrary scripts or...
Jupyter Server 路径遍历漏洞
Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier contain a path traversal vulnerability. This vulnerability stems from path traversal issues in the REST API, which may all...
Sandboxie-Plus 安全漏洞
Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus prior to 1.17.2 contained a security vulnerability. This vulnerability stemmed from the HashPassword function, which incorrectly shifted the high half-bits 8 positions to the right instead o...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from the use of GPUs without proper initialization, which could allow remote attackers to obtain potentially sensitive informatio...
WordPress plugin Schedule Post Changes With PublishPress Future 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
Jupyter Server 输入验证错误漏洞
Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of t...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hcill driver failing to release the firmware during a firmware download error path, potential...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ext4fcreplayinode function not releasing iloc.bh at the wrong path, potentially leading to...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from the improper initialization of Dawn, which could allow remote attackers to obtain sensitive information from the process...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by a V8 object lifecycle issue. This vulnerability could allow remote attackers to execute out-of-bound memory reads through special...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of UI elements after they were released, which could allow remote attackers to execute arbitrary code...
Google Chrome 访问控制错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a access control vulnerability. This vulnerability stemmed from insufficient policy enforcement in Autofill, which could allow remote attackers to exploit the vulnerability through...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by ANGLE integer overflow. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted HTML pages, resultin...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebApp policies, which could allow remote attackers to execute UI deception through specially...
Google Chrome 跨站脚本漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a cross-site scripting vulnerability, which was caused by improper implementation of ServiceWorker. This vulnerability could allow attackers to inject arbitrary scripts or HTML through...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after TopChrome was released, which could allow remote attackers to execute a sandbox esca...
GPAC 安全漏洞
GPAC is an open-source multimedia framework developed by GPAC. There is a security vulnerability in GPAC, which stems from a buffer overflow in the gfsvgparseattribute function found in the src/scenegraph/svgattributes.c file. This vulnerability could lead to a denial-of-service attack...
WordPress plugin Mentoring 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Vaultwarden 数据伪造问题漏洞
Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García. Versions of Vaultwarden 1.35.4 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from updating credential metadata before signature verification during the...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation in the Payments component, which could allow a remote attacker with...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in Search, which could allow remote attackers to leak cross-source data through specially...
D-Link DI-8100 缓冲区错误漏洞
The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from a function in the POST Parameter Handler component called...
Altice Labs GR140DG和Altice Labs GR140IG 安全漏洞
Altice Labs GR140DG and Altice Labs GR140IG are fiber-optic access gateway devices from the Portuguese company Altice Labs. Both devices have security vulnerabilities. The vulnerability stems from the ping diagnostic handler in /bin/httpdclientside, which inserts uncleaned user inputs into the...
WordPress plugin DX Sources 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from the use of GPUs without proper initialization, which could allow remote attackers to obtain sensitive information from the...
WordPress plugin Geeky Bot 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds write-ups related to WebRTC, which could allow remote attackers to execute arbitrary code within a...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of WebRTC after it was released, which could allow remote attackers to execute arbitrary code within a...
CodeCanyon Perfex CRM 注入漏洞
CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the operation of the Admin Kanban endpoint in the...
eLabFTW 安全漏洞
eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reusing of resources after they were released in Chromoting, which could allow remote attackers to execute...
itsourcecode Courier Management System 注入漏洞
itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...
ERPNext 代码注入漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Version 13.4.0 of ERPNext contains a code injection vulnerability. This vulnerability stems from a sandbox escape vulnerability present in RestrictedPython. It allows authenticated user...
ERPNext 安全漏洞
ERPNext is a set of open-source enterprise resource planning solutions developed by the Indian company ERPNext. Versions of ERPNext prior to v15.103.1 contained security vulnerabilities. These vulnerabilities were caused by server-side template injection. Attackers who had access to create or edi...
WordPress plugin User Registration & Membership 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
OpenCTI 授权问题漏洞
OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...