195539 matches found
bookcars 安全漏洞
Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the lack of encryption signature verification in the validateAccessToken function, which may allow attackers to bypass authentication...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Tenda W3 安全漏洞
Tenda W3 is a wireless access point device from the Chinese company Tenda. Version 1.0.0.32204 of Tenda W3 contains a security vulnerability. This vulnerability stems from a stack overflow issue with the wlradio parameter in the formWifiRadioSet function. It could allow attackers to cause...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL 异常处理不当漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL 加密问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incomplete handling of rlimits by the AppArmor module regarding POSIX CPU timers. This could...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL 缓冲区错误漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the abilit...
Apache Answer 安全漏洞
Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper neutralization of XSS syntax, resulting in AI-generated content being rendered...
FreeSWITCH 安全漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and messaging-related products and applications. Prior to FreeSWITCH version 1.11.1, there were security...
VMware Spring Framework 输入验证错误漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 5.3.0 to 5.3.48 contain a vulnerability related to input validation errors...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe InDesign Desktop 代码问题漏洞
Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have code vulnerabilities. These vulnerabilities stem from null pointer dereferencing issues, which can lead to applicatio...
NETGEAR多款产品 安全漏洞
NETGEAR RBR850 is a product of the NETGEAR company. The NETGEAR RBR850 is a router. The NETGEAR RBS850 is also a router. The NETGEAR RBS750 is another router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem from insufficient buffer input validation, which may...
VMware Spring Retry 安全漏洞
VMware Spring Retry is an application fault tolerance and retry framework developed by the American company VMware. Versions 2.0.0 to 2.0.12 and 1.3.0 to 1.3.4 of VMware Spring Retry contain security vulnerabilities. These vulnerabilities arise from triggering failures due to a large number of...
mem0 安全漏洞
mem0 is an open-source benchmark tool for efficient memory algorithms developed by Mem0. Versions of mem0 prior to 0.2.8 contain security vulnerabilities. These vulnerabilities stem from a lack of authorization verification, which may cause authenticated users with an API key to redirect all LLM...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
WordPress plugin Custom Block Builder 跨站脚本漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Microsoft Windows Program Compatibility Assistant Service 竞争条件问题漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows Program Compatibility Assistant Service has a security vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a code execution vulnerability in Microsoft Office, which is caused by improper...
WordPress plugin WP Emoticon Rating 跨站请求伪造漏洞
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...
Microsoft Windows Universal Plug and Play 资源管理错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems...
microsoft hyper-v 缓冲区错误漏洞
Microsoft Hyper-V is an application developed by the American company Microsoft. It is a system management program that enables desktop virtualization. There is a code execution vulnerability in Microsoft Hyper-V, and attackers can exploit this vulnerability to execute arbitrary code on the syste...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthUserPwd parameter within the formAddWebAuthUser function. It could allow attackers t...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from the upload limit imposed on form definition files. This limit can be bypassed by using mixed uppercase and lowercase file extensions, allowing...
Microsoft Office Excel 缓冲区错误漏洞
Microsoft Office Excel is a spreadsheet software developed by Microsoft in the United States. Microsoft Office Excel has a buffer error vulnerability, which stems from integer underflow. This vulnerability may allow unauthorized attackers to execute code locally...
SAP MDG Review Match Groups Application 安全漏洞
The SAP MDG Review Match Groups Application is a data duplication detection tool developed by SAP, a German company. This application has security vulnerabilities; these vulnerabilities stem from the lack of necessary authorization checks, which may lead to privilege escalation...
Microsoft Office Sharepoint Server 反序列化注入漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There are code-related vulnerabilities in Microsoft Office SharePoint. The following products and versions are affected: Microsoft SharePoint Enterprise Server...
Microsoft DWM Core Library 资源管理错误漏洞
The Microsoft DWM Core Library is a core library of Microsoft Windows from the company Microsoft. There is a resource management vulnerability in the Microsoft DWM Core Library. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected:...
Adobe Acrobat Reader 缓冲区错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a buffer error vulnerability. This...
Fortinet FortiPortal 访问控制错误漏洞
Fortinet FortiPortal is a network security management portal product that primarily provides features such as network visualization, configuration management, and security policy monitoring. Fortinet FortiPortal has a access control vulnerability. This vulnerability stems from an inability to...
NETGEAR RAXE450和NETGEAR RAXE500 输入验证错误漏洞
NETGEAR RAXE450 and NETGEAR RAXE500 are wireless routers produced by the American company NETGEAR. Both devices have a vulnerability related to input validation. This vulnerability stems from the possibility of authenticated administrators who are connected to the local network being able to modi...
Veeam Backup And Replication 代码问题漏洞
Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. Veeam Backup and Replication has a code vulnerability that stems from allowing authenticated domain users to execute code remotely...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Microsoft Remote Desktop Client 资源管理错误漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There is a resource management vulnerability in Microsoft Remote Desktop Client. Attackers can exploit this vulnerability to execute code remotely. The following products and versions are affected:...
Microsoft Windows Ancillary Function Driver for WinSock 资源管理错误漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a accessibility driver for Winsock by Microsoft Corporation. The Microsoft Windows Ancillary Function Driver for WinSock has a resource management vulnerability that stems from reusing resources after they have been released. This...
NETGEAR Orbi 缓冲区错误漏洞
NETGEAR Orbi is a distributed WiFi system developed by NETGEAR, a company in the United States. Versions of NETGEAR Orbi 370 prior to V12.1.2.7 contained a buffer error vulnerability. This vulnerability allowed attackers to intercept and manipulate traffic between the router and the internet. The...
Hermes Web UI 安全漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.303 contained security vulnerabilities, which were caused by a TOCTOU race condition in the gitdiscard function. This vulnerability could allow attackers to delete file...
VMware Spring Framework 输入验证错误漏洞
VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware Corporation. This framework helps developers build high-quality applications. Versions of VMware Spring Framework from 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 contain a...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Visual Studio Code 代码注入漏洞
Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a code injection vulnerability. Attackers can exploit this vulnerability to gain higher privileges...
389 Directory Server 389-ds-base 缓冲区错误漏洞
389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a security vulnerability in 389 Directory Server, which stems from the ldaputf8prev function reading bytes from the buffer without boundary checks. This leads ...
Microsoft Office Sharepoint Server 授权问题漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There are authorization-related vulnerabilities in Microsoft Office SharePoint. Attackers can exploit these vulnerabilities to execute code remotely. The followi...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are vulnerabilities related to competition conditions in Microsoft Windows Push Notifications. Attackers can exploit these...