195539 matches found
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by the Popup Blocker, which could allow a remote attacker with access to th...
Eclipse OpenJ9 缓冲区错误漏洞
Eclipse OpenJ9 is a Java application engine developed by the Eclipse Foundation. This product is primarily used for running Java applications. Versions of Eclipse OpenJ9 from 0.21 to 0.58 contain a buffer error vulnerability. This vulnerability allows pre-authenticated remote attackers to cause t...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.66 and earlier contain security vulnerabilities. These...
Redis 资源管理错误漏洞
Redis is an open-source database developed by Redis Inc. in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis from 7.2.0 to 8.6.3 have a resource...
X.Org X Server 安全漏洞
The X.Org X Server is an X Window system display server developed by the X.Org Foundation. The X.Org X Server has a security vulnerability, which stems from an out-of-bound read operation during the handling of XKB modifier mappings. This vulnerability may lead to the disclosure of sensitive...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There were security vulnerabilities in Apache HTTP Server versions 2.4.30 to 2.4.66. These...
Redis 安全漏洞
Redis is an open-source database developed by Redis Technologies in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis 8.6.3 and earlier contained...
Redis 资源管理错误漏洞
Redis is an open-source database developed by Redis Inc. in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. There is a resource management vulnerability in Redis...
X.Org X Server 缓冲区错误漏洞
The X.Org X Server is an X Window system display server developed by the X.Org Foundation. The X.Org X Server has a buffer error vulnerability, which stems from out-of-bounds read accesses in the XKB geometry processing involving the CheckSetGeom and XkbAddGeomKeyAlias functions. This vulnerabili...
Eclipse Equinox OSGi 访问控制错误漏洞
Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain access control vulnerability issues. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a denial-of-service attack in the real-time WebSocket path for voice calls. It was possible for a...
Samsung多款产品 安全漏洞
SAMSUNG Mobile Processors are products of South Korea’s Samsung Corporation. SAMSUNG Mobile Processors are a series of mobile processors. SAMSUNG Modem 5400 is a 5G modem chip. SAMSUNG Modem Exynos is a series of modem chips. Several Samsung products have security vulnerabilities, which stem from...
EFM ipTIME C200 注入漏洞
EFM ipTIME C200 is a network camera device produced by the South Korean company EFM. The EFM ipTIME C200 models starting from version 1.092 and earlier have a vulnerability that stems from the sub408F90 function’s ApplyRestore endpoint, which processes the RestoreFile parameter. This vulnerabilit...
Code-MCP 路径遍历漏洞
Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Versions of Code-MCP 4cfc4643541a110c906d93635b391bf7e357f4a8 and earlier have a path traversal vulnerability. This vulnerability stems from a problem with the MCP File Handler component in the issafepath...
Google Chrome 竞争条件问题漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to race conditions in Chromoting. This vulnerability could allow local attackers to escalate their privileges through malicious files...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the platformgetirqbyname function returning an int value. This value is passed directly to the...
CoreDNS 授权问题漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 have a vulnerability related to authorization. This vulnerability stems from improper handling of transport implementations for gRPC, QUIC, DoH, and DoH3, as well as TSIG authentication. As a result,...
CoreDNS 安全漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from an error in the selection of ACL rules in the transfer plugin, which could allow unauthorized remote clients to execute AXFR/IXFR and...
CoreDNS 资源管理错误漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a resource management vulnerability. This vulnerability stemmed from the lack of size validation for overly large dns query parameters in the DNS-over-HTTPS GET path, which could allow remote...
CoreDNS 安全漏洞
CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the tsig plugin’s trust transfer writer, which relied on TsigStatus for verification instead of performing its own validation. This allowed...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which arises from the issue of excessive out-of-bounds read accesses when the number of dentryhashtable buckets is...
kestra 安全漏洞
Kestra is an open-source workflow automation platform developed by Kestra. Kestra versions 1.3.3 and earlier have security vulnerabilities. These vulnerabilities stem from the use of user-controlled GET parameters that are directly concatenated into SQL queries without proper cleaning or...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.4.9 to 2026.4.10 contained a security vulnerability. This vulnerability stemmed from a bypass of the sender policy in the outbound host media attachment reading assistant, which could...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from arbitrary file reading in the QQBot media tag, allowing attackers to reference local paths on hosts...
EFM ipTIME NAS1dual 缓冲区错误漏洞
EFM ipTIME NAS1dual is a network-attached storage device produced by the South Korean company EFM. Version 1.5.24 of EFM ipTIME NAS1dual contains a buffer overflow vulnerability. This vulnerability stems from a problem with the function getcsrfwhites in the file /cgi/advanced/miscmain.cgi, which...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw from 2026.2.22 to 2026.4.12 contained security vulnerabilities. These vulnerabilities were due to insufficient detection by the shell wrapper, allowing attackers to inject environment variable...
phoenix 安全漏洞
Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities were due to improper access control in browser snapshots, screenshot generation, and tag routing. As a result,...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability caused by the exposure of Media channel information. This vulnerability could allow remote attackers to exploit the vulnerability through specially crafted...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. The version of OpenClaw from 2026.4.5 to 2026.4.10 contains security vulnerabilities. These vulnerabilities stem from permission escalation, allowing write-range operators to modify persistent memory settings. This...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of server-side request forgery tactics in the existing session browser interaction routing...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient input validation in SSL, which could allow remote attackers with access to the render...
WordPress plugin Subscribe To Comments Reloaded 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after their release in the mobile version. It could allow remote attackers to exploit this...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bounds read operations in fonts. This vulnerability could allow remote attackers to execute out-of-bounds memory reads...
Sandboxie-Plus 安全漏洞
Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the RunSbieCtrl processor of the SbieIniServer module, which could lead...
Sandboxie-Plus 安全漏洞
Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contain security vulnerabilities. These vulnerabilities stem from the ProcessServer processing program’s use of wcscpy to copy the boxname field, without verifying an empt...
Sandboxie-Plus 安全漏洞
Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in WebAudio, which could allow remote attackers to execute...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the idxd driver failing to release the associated work queue when releasing objects...
WordPress plugin Betheme 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Google Android 安全漏洞
Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...
DIE-engine 安全漏洞
DIE-engine is a file type detection and reverse analysis tool developed by Hors’ individual developer. Versions of DIE-engine prior to 3.21 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks, allowing attackers to write arbitrary files into the file...
n8n 代码注入漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...
D-Link DIR-456U 信任管理问题漏洞
The D-Link DIR-456U is a wireless router produced by D-Link Corporation. The D-Link DIR-456U Hardware Revision A1 has a vulnerability related to trust management. This vulnerability stems from a hard-coded telnet backdoor, which may allow unauthenticated attackers on the local network to obtain a...
TOTOLINK N300RH 缓冲区错误漏洞
TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from the function setWanConfig in the component POST Request Handler, specifically the...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from issues with the authentication-subscription endpoint in the...
mutt 安全漏洞
Mutt is an open-source command-line email client for sending emails from the terminal. Versions of Mutt prior to 2.3.2 contained a security vulnerability, which stemmed from an infinite loop in dataobjecttostream in crypt-gpgme.c...
Assimp 资源管理错误漏洞
Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ParseVectorDataArray method in FBXParser.cpp, and it could allow a...
Apache OpenNLP 安全漏洞
Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...