195539 matches found
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source project. Versions 13.0.0–13.4.31 and 14.0.0–14.3.3 of TYPO3 CMS have security vulnerabilities. These vulnerabilities stem from the ability of users at the backend to move records to different pages without the necessar...
TYPO3 CMS 跨站脚本漏洞
TYPO3 CMS is a content management system developed under the open source TYPO3 framework. Versions of TYPO3 CMS from 13.0.0 to 13.4.30, and from 14.0.0 to 14.3.2 contain a cross-site scripting vulnerability. This vulnerability arises due to HTML tags in page titles being left uncleaned during...
Tenda PW201A 安全漏洞
The Tenda PW201A is a power line network adapter produced by the Chinese company Tenda. Version 1.0.5 of the Tenda PW201A contains a security vulnerability. This vulnerability stems from a buffer overflow in the page parameter within the qossetting function, which could allow attackers to cause...
Microsoft UxTheme 缓冲区错误漏洞
Microsoft UxTheme is a core system component built into the Windows operating system by Microsoft, used to render system windows, controls, and various graphical interface themes. There is a buffer overflow vulnerability in Microsoft UxTheme. Attackers can exploit this vulnerability to cause a...
Tenda W3 安全漏洞
The Tenda W3 is a wireless access point device from the Chinese company Tenda. Version 1.0.0.32204 of the Tenda W3 Wireless Router contains a security vulnerability. This vulnerability stems from multiple stack overflows in the formwrlSSIDset function, where the mitssid and misssidindex parameter...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...
Adobe InDesign Desktop 缓冲区错误漏洞
Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have a buffer error vulnerability. This vulnerability stems from out-of-bounds writing, which may allow arbitrary code to...
Microsoft Windows Secure Boot 处理逻辑错误漏洞
Microsoft Windows Secure Boot is a security boot feature provided by Microsoft Corporation. There are security vulnerabilities associated with Microsoft Windows Secure Boot. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are affected:...
Microsoft PC Manager 授权问题漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...
Adobe CAI Content Credentials 输入验证错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...
NVIDIA DALI 安全漏洞
NVIDIA DALI is an open-source library for data loading and preprocessing, primarily used to accelerate image and video processing in deep learning workflows. NVIDIA DALI has a heap buffer overflow vulnerability. This vulnerability stems from improper handling of input data within certain...
Ellucian Banner Self-Service 跨站脚本漏洞
Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of the input...
389 Directory Server 数字错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. 389 Directory Server has a numerical error vulnerability, which stems from the SMD5 password storage plugin executing an unsigned integer underflow when calculating...
dcat-admin 访问控制错误漏洞
dcat-admin is a backend system building tool based on Laravel, developed by Jiang Qinghua. Versions of Dcat-Admin 2.2.3-beta and earlier contain an access control vulnerability. This vulnerability stems from the editorMDUpload function in /admin/dcat-api/editor-md/upload, which allows unlimited...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Windows Universal Plug and Play 资源管理错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are resource management vulnerabilities in Microsoft Windows. The following products and versions are affected: Windows Server 2025 Server Core installation, Windows 11 Version 25H2 for...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by the American company Microsoft. Microsoft Office SharePoint has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthUserInfo parameter within the formAddWebAuthUser function, which could allow attackers to caus...
Microsoft DWM Core Library 缓冲区错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There are security vulnerabilities in the Microsoft DWM Core Library. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 11 version...
Microsoft DWM Core Library 资源管理错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a resource management vulnerability in the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from design flaws in the TCP ULP support implemented in the net/smc module. This vulnerability allows an...
Adobe Experience Manager 输入验证错误漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Microsoft Windows Ancillary Function Driver for WinSock 竞争条件问题漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a compatibility issue vulnerability in Winsock by Microsoft Corporation. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected: Windows Server 2012 R2 Server Core...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Waves Central 代码问题漏洞
Waves Central is an audio software licensing and product management tool developed by Waves Corporation. Versions of Waves Central for macOS from 13.0.9 to 16.5.5 contain code vulnerabilities. These vulnerabilities stem from the use of a trusted XPC client component that employs enhanced runtime...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS. This vulnerability allows authenticated backend users to retrieve file metadata through multiple backend API routes, without proper permission checks. As a...
Microsoft Active Directory Domain Services 缓冲区错误漏洞
Microsoft Active Directory Domain Services is a key service provided by Microsoft Corporation in the United States. It is used to manage and organize resources, users, computers, and other security objects within a network. There are security vulnerabilities associated with Microsoft Active...
Huawei EMUI和Huawei HarmonyOS 权限许可和访问控制问题漏洞
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...
Microsoft ASP.NET Core 资源管理错误漏洞
Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. There is a resource management vulnerability in Microsoft ASP.NET Core. Attackers can...
WordPress plugin WpMobi 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...
Microsoft azure kubernetes service 路径遍历漏洞
Microsoft Azure Kubernetes Service is a service provided by Microsoft Corporation for deploying, managing, and scaling containerized applications. Microsoft Azure Kubernetes Service has a path traversal vulnerability. Attackers can exploit this vulnerability to execute code remotely...
Spring Framework 跨站脚本漏洞
The Spring Framework is an application development framework developed by Spring in open source. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 have cross-site scripting vulnerabilities. These vulnerabilities stem from the cssClass, cssErrorClass, or cssStyle...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the iouring/waitid operation not clearing the waitid information before copying it to the user...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the greybus gb-beagleplay driver. In this driver, the cc1352bootloaderrx function does not check...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the tcfctflowtableget function in actct, which releases the RCU read lock within the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checks for whether minregionsz is a power of two in the damonstart function. This...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to release the nvkmdevice when aperture removal occurs during the detection process...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the functions nftnetdevunregisterhooks and nftunregisterflowtablenethooks not using listdelrcu,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function kvmvcpuinitnested. This function reallocates and releases the kvm-arch.nestedmmus...
FastApiAdmin 跨站脚本漏洞
FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by the individual developer fastapiadmin. Version 2.2.0 of FastapiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the AI assistant chat feature, which has a cross-site scripting...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows 10...
Microsoft Windows Secure Boot 权限许可和访问控制问题漏洞
Microsoft Windows Secure Boot is a security boot mechanism developed by Microsoft Corporation. There is an access control error vulnerability in Microsoft Windows Secure Boot. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are affected:...
VMware Spring Framework 路径遍历漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48...
Microsoft Windows Push Notifications 信息泄露漏洞
Microsoft Windows Push Notifications is a push notification service provided by Microsoft Corporation. It provides a reliable way to deliver new updates. Microsoft Windows Push Notifications has information leakage vulnerabilities. The following products and versions are affected: Windows 10...
Microsoft Windows Bluetooth Service 资源管理错误漏洞
The Microsoft Windows Bluetooth Service is a Bluetooth driver provided by the American company Microsoft. The Microsoft Windows Bluetooth Service has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are...
Microsoft Windows Kernel 缓冲区错误漏洞
The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows...
FreeSWITCH 安全漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH 1.11.0, there were security...