195539 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after the Dawn process is terminated...
Headplane 路径遍历漏洞
Headplane is a web management interface for Headscale, developed by Aarnav Tale. Versions of Headplane prior to 0.6.3 and 0.7.0-beta.3 contained a path traversal vulnerability. This vulnerability stemmed from path traversal and authorization bypass issues in the Headscale API client during node a...
jshERP(华夏ERP) 代码问题漏洞
jshERP Huaxia ERP is a domestic ERP system developed by Jishan Hua. Versions of jshERP 3.6 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the parameter platformValue in the platformConfig Add endpoint, specifically in the insertPlatformConfig...
Google Chrome 竞争条件问题漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to network conditions, known as a “network condition vulnerability.”...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Bluetooth is released...
Bagisto 路径遍历漏洞
Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Bagisto has a path traversal vulnerability. This vulnerability stems from improper validation of user inputs in the ImageCacheController component. It allows unauthenticated remote attackers to send specially...
CodeAstro Leave Management System 注入漏洞
The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a SQL injection vulnerability. This vulnerability stems from the handling of the parameter “Name” in the file/admin/searchstafftoassignpc.php,...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a security vulnerability that arises from its uninitialized state...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
YesWiki 代码注入漏洞
YesWiki is a wiki system built using PHP, developed by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.6 had a code injection vulnerability; this vulnerability stemmed from an insecure execution flaw in the...
Bank Management System 安全漏洞
Bank Management System is a banking management system developed by Alien developers. There is a security vulnerability in Bank Management System, which stems from operations in the TransactionEndpoint component file...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Printing is released...
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during the creation and updating of DatasetRows. This vulnerability could le...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Media has been released...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability, which stems from the reuse of WebCodecs after they are released...
AgentCore CLI 代码注入漏洞
AgentCore CLI is an open-source AI agent development and deployment command-line tool developed by Amazon Web Services. Versions of AgentCore CLI prior to 0.14.2 contained a code injection vulnerability. This vulnerability stemmed from improper use of triple quotes in Python code generation. It...
student_management_system 注入漏洞
studentmanagementsystem is a student information management tool personally developed by Vivek Singh. There is an injection vulnerability in studentmanagementsystem. This vulnerability stems from an unknown function in the Login component, located in the/index.ph file, which improperly handles...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.4 contained a security vulnerability. This vulnerability stemmed from the use of the SHA-1 hash algorithm for handling attachments. The SHA-1 algorithm is vulnerabl...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Vulnerabilities exist in Apache HTTP Server versions 2.4.0 to 2.4.67. These vulnerabilities ste...
STACKIT IaaS API 安全漏洞
THE STACKIT IaaS API is a cloud infrastructure management interface provided by the German company STACKIT. There is a security vulnerability in THE STACKIT IaaS API. This vulnerability stems from the lack of authorization checks, which may allow authenticated, low-privilege attackers to elevate...
HTMLSanitizer 跨站脚本漏洞
HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 2.3.2 had a cross-site scripting vulnerability. This vulnerability occurred when ALLOWINSECURERAWTEXT was enabled, resulting in blank variant closing tags being ignored, which could lead to...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of MediaCapture data...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.67 and earlier contain security vulnerabilities, which stem fro...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after Autofill is released...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability. This vulnerability stemmed from a lack of server-side verification and authorization checks at the tool’s update...
neovim 注入漏洞
Neovim is a modern, scalable text editor developed by Neovim OpenSource. Versions of Neovim 0.12.2 and earlier contained a vulnerability due to incorrect handling of the path parameter in the M.read function within the viewbranch component. This vulnerability could lead to command injection attac...
Weaviate 授权问题漏洞
Weaviate is an open-source vector database developed by Weaviate. Versions of Weaviate 1.37.7 and earlier had an authorization vulnerability. This vulnerability stemmed from incorrect handling of the parameter “StaticApiKey” in the function “validateConfig” within the Static API Key Handler...
Flowise 访问控制错误漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability, which stemmed from a batch assignment vulnerability in the assistant update endpoints. This vulnerability could...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
CodeAstro Ingredients Stock Management System 注入漏洞
CodeAstro Ingredients Stock Management System is a stock management system for ingredients developed by CodeAstro Inc. Version 1.0 of the CodeAstro Ingredients Stock Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the...
Keycloak 授权问题漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from improper access control in the POST /admin/realms/realm/partialImport endpoint, which may allow limited administrators to bypass...
Flowise 安全漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from issues with batch assignment during evaluation and creation processes, which could lead t...
Tenda F451 命令注入漏洞
The Tenda F451 is a wireless router produced by the Chinese company Tenda. Versions 1.0.0.7 and 1.0.0.9 of the Tenda F451 contain command injection vulnerabilities. These vulnerabilities stem from improper handling of the parameter “mac” in the formWriteFacMac function within the Web Management...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.67 and earlier contain security vulnerabilities. These...
CodeAstro Student Attendance Management System 注入漏洞
CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter classId ...
GL.iNet多款产品 加密问题漏洞
GL.iNet MT3000 and other products are developed by GL.iNet Corporation. The GL.iNet MT3000 is a portable router that uses the Wi-Fi 6 protocol. The GL.iNet AX1800 is a wireless router. The GL.iNet A1300 is a Wi-Fi 5 travel router. Several of GL.iNet’s products have encryption vulnerabilities, whi...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK. This vulnerability arises from improper GPU system calls when the software runs as a non-privileged user. This leads to errors in managing...
WordPress plugin Seotheme 访问控制错误漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
VMware Cloud Foundation Operations 安全漏洞
VMware Cloud Foundation Operations is a private cloud operations management platform provided by the American company VMware. There is a security vulnerability in VMware Cloud Foundation Operations. This vulnerability stems from multiple storage-based cross-site scripting vulnerabilities, which...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There were security vulnerabilities in Apache HTTP Server versions 2.4.0 to 2.4.67. These...
grepai 加密问题漏洞
grepai is a semantic search-based code understanding tool developed by Yoan Bernabeu. Version 0.35.0 of grepai has an encryption vulnerability. This vulnerability stems from improper handling of the parameter contenthash in the PostgresStore.LookupByContentHash function within the file...
req 注入漏洞
“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.5.3 to 0.6.0 had an injection vulnerability. This vulnerability stemmed from improper neutralization of CRLF sequences, which could lead to multipart parameter smuggling through parts of the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
Tenda CX12L 缓冲区错误漏洞
The Tenda CX12L is a home-use wireless router device from the Chinese company Tenda. The version 16.03.53.12 of the Tenda CX12L contains a buffer error vulnerability. This vulnerability stems from the setSchedWifi function in the Wi-Fi Schedule Configuration Endpoint component...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. in the United States. Google Chrome has a vulnerability related to input validation, which stems from Passwords’ insufficient validation for untrusted inputs...
Mobile Verification Toolkit 路径遍历漏洞
The Mobile Verification Toolkit is an open-source mobile device forensics analysis tool developed by MVT. Versions of the Mobile Verification Toolkit prior to version 2026.5.12 contained a path traversal vulnerability. This vulnerability stemmed from file identifiers that were not cleared during...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a buffer overflow vulnerability, which stems from out-of-bounds writes...
Checkmk 跨站脚本漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contain a cross-site scripting vulnerability. This vulnerability stems from the storage of malicious HTML or JavaScript in the change logs,...