195539 matches found
CyberArk Idira Identity Browser Extension 访问控制错误漏洞
The CyberArk Idira Identity Browser Extension is a browser identity authentication extension developed by the American company CyberArk. Versions of the CyberArk Idira Identity Browser Extension prior to version 26.8.1 contained an access control vulnerability. This vulnerability stemmed from a...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass in Telegram interaction callbacks, allowing authenticated users to bypass the...
Google Chrome 缓冲区错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It primarily offers functions such as web browsing, extension support, and multi-tab management. Google Chrome has a privilege escalation vulnerability, which stems from the VideoCapture component failing to properly validate memo...
ClipBucket V5 SQL注入漏洞
ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3 – including version 132 – contained an SQL injection vulnerability. This vulnerability stemmed from the number parameter in the POST /actions/subtitleedit.php reques...
gst-plugins-bad 缓冲区错误漏洞
gst-plugins-bad is a GStreamer open-source plugin. gst-plugins-bad has a buffer error vulnerability, which stems from the multiple slice processing loop in the gsth266 parser’s gsth266parserparsepicturepartition function. This loop does not check whether the slice index exceeds the boundary. When...
Sonatype Nexus Repository 安全漏洞
Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software. There are security vulnerabilities in Sonatype Nexus Repository. These vulnerabilities stem from authentication endpoint issue...
Google Chrome 输入验证错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing the internet and running web applications. Google Chrome has a security vulnerability that stems from improper handling of implementation logic in extensions. A remote attacker can exploit this...
KanaDojo 安全漏洞
KanaDojo is an attractive and customizable Japanese learning platform developed by lingdojo. Versions of KanaDojo prior to 0.18.0 contained security vulnerabilities. These vulnerabilities were caused by sandbox escape attacks, allowing attackers to execute arbitrary code by passing the global...
TP-Link Tapo C110 格式化字符串错误漏洞
The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an out-of-bound write issue in the GPU component. This vulnerability could allow remote attackers to execute sandbox escape through a specially...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios team, based on Promise a solution for asynchronous programming. Versions of Axios prior to 0.32.0 and 1.16.0 contain security vulnerabilities. These vulnerabilities stem from the Node.js HTTP adapter, which may forward the Proxy-Authorization...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in DigitalCredentials, which could allow a remote attacker with...
Cerebrate 安全漏洞
Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from reminder messages that did not suppress mentions sent to @everyone or @here, potentially...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google. Its main features include providing a fast, secure, and stable browsing experience. Google Chrome has a resource management vulnerability. This vulnerability stems from the Views component failing to properly handle the object lifecycle when...
Summarize 代码问题漏洞
Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.17.0 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgeing attacks. Attackers could exploit these vulnerabilities by providing maliciou...
Google Chrome 缓冲区错误漏洞
Google Chrome Video is a component that handles video decoding and rendering, primarily used to support video playback in the Chrome browser on ChromeOS. The Google Chrome Video component has a security vulnerability. This vulnerability stems from an improper check of boundaries during video data...
aiograpi 代码问题漏洞
aiograpi is an asynchronous Instagram API Python library developed by Mark. Versions of aiograpi prior to 0.9.10 contained code vulnerabilities. These vulnerabilities stemmed from accepting registration challenge paths provided by the server and using them to construct the request URL before...
Google Cloud Platform Dialogflow CX 安全漏洞
Google Cloud Platform Dialogflow CX is a conversational AI development platform based on natural language understanding and generation technology, provided by Google, Inc. There is a security vulnerability in Google Cloud Platform Dialogflow CX. This vulnerability stems from the lack of...
VMware Spring for GraphQL 访问控制错误漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, have a access control vulnerability. This...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reuse of resources after their release, which could allow remote attackers to execute a sandb...
IBM Langflow 安全漏洞
IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.1 of IBM Langflow contain security vulnerabilities. These vulnerabilities stem from insecure direct object references, which could allow...
GitLab 处理逻辑错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 17.0, 18.11,...
MariaDB Server 命令注入漏洞
MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a reuse issue within the WebMIDI component, which could allow remote attackers to execute a sandbox escape throu...
Guzzle 输入验证错误漏洞
Guzzle is a PHP HTTP client developed by the guzzlehttp developer. It allows for easy sending of HTTP requests and seamless integration with web services. Prior to version 2.10.2, Guzzle had an input validation vulnerability. This vulnerability stemmed from allowing ASCII control characters,...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions 1.7.0 to 1.15.x of Axios contain security vulnerabilities. These vulnerabilities stem from the lack of enforcement of request and response size limits when using the fetch adapter, which may lead to resource exhaustion...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions of Apple macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. These vulnerabilities stem from permission issues, which may lead to...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser based on the Chromium kernel, primarily offering web browsing capabilities and a rich ecosystem of plugins. Google Chrome has a heap buffer overflow vulnerability. This vulnerability stems from the Codecs component failing to properly handle carefully crafted HTML...
tmp 输入验证错误漏洞
“tmp” is a temporary file and directory creator developed by KARASZI István as a Node.js tool. Version 0.2.6 of “tmp” contains a vulnerability related to input validation. This vulnerability arises from the “assertPath” guard, which only rejects string values that contain the substring “..”. When...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained a security vulnerability. This vulnerability stemmed from a bypass of the approval policy in the Skill Workshop application process, allowing proxy tools to set appl...
SolidInvoice 安全漏洞
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a security vulnerability. This vulnerability stemmed from API tokens being stored in the apitokens database table in plain text, which could allow attackers...
Cloud Foundry UAA和CloudFoundry CF Deployment 数据伪造问题漏洞
Cloud Foundry UAA is an identity verification and management service terminal developed by the Cloud Foundry Foundation in the United States, and it is used on the CloudFoundry platform. CloudFoundry CF Deployment is a code deployment component provided by the Cloud Foundry Foundation. Versions o...
OpenClaw 授权问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.22 contained security vulnerabilities. These vulnerabilities stemmed from a location verification issue in the Control UI pairing mechanism. This allowed attackers with network...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
VMware Spring for GraphQL 访问控制错误漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, contain an access control vulnerability. This...
CyberArk Idira Privileged Session Manager 路径遍历漏洞
CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 contained a path traversal vulnerability. This vulnerability stemmed...
CyberArk Idira Endpoint Privilege Manager 安全漏洞
CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained security vulnerabilities, allowing local attackers to compromise the initialization ...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 had a security vulnerability due to insufficient checks, which could allow applications to bypass its sandbox...
Cerebrate 输入验证错误漏洞
Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability related to input validation errors. This vulnerability stemmed...
Thai Palliative SQL注入漏洞
Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier have a SQL injection vulnerability. This vulnerability arises from the lack of cleaning or parameterization of the idFormMain parameter and the id parameter, which may...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact that audit commands did not disable mention resolution, allowing administrators...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability that stemmed from the reuse of resources after they were released in Core. This vulnerability could allow remote attackers to execute arbitrary code through a...
CyberArk Idira Secrets Manager SaaS Edge 访问控制错误漏洞
CyberArk Idira Secrets Manager SaaS Edge is a distributed confidential access node component offered by the American company CyberArk. Versions of CyberArk Idira Secrets Manager SaaS Edge prior to version 1.8 contained an access control vulnerability. This vulnerability stemmed from improper acce...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from insufficient source verification in node event handling, allowing paired nodes to forge exec lifecycle...
OpenClaw 权限许可和访问控制问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...
FPDI 资源管理错误漏洞
FPDI is an open-source PDF reading software developed by Setasign GmbH & Co. KG. Versions of FPDI prior to 2.6.7 contained a resource management vulnerability. This vulnerability allowed attackers to upload malicious PDF files, causing server-side scripts to crash due to memory exhaustion or scri...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WpEvently 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
VMware Spring Web Services 授权问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...