195539 matches found
GL.iNet GL-MT3000 命令注入漏洞
GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from incorrect operations with the parameter...
BeikeShop 授权问题漏洞
BeikeShop is an open-source PHP e-commerce platform developed by BeikeShop. It supports multiple languages and currencies, as well as quick deployment. Versions of BeikeShop prior to 1.6.0.22 have vulnerabilities related to authorization. These vulnerabilities stem from the function callback in t...
cereal 安全漏洞
Cereal is an open-source C++11 serialization library developed by iLab at USC. It supports binary, XML, and JSON formats. Versions of Cereal 1.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the Shared Pointer Handler component, which may lea...
Hermes Agent 安全漏洞
Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent 0.12.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the function resolvesessionbytitle in the resume Endpoint component’s file hermesstate.py...
GL.iNet GL-MT3000 命令注入漏洞
GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...
Chanjet CRM SQL注入漏洞
Chanjet CRM is a customer relationship management system developed by Chanjet Corporation. Version 1.0 of Chanjet CRM has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter gblOrgID in the HTTP GET Request Handler component...
deep-searcher 访问控制错误漏洞
Deep-Searcher is a private data search and intelligent question-answering tool developed by Zilliz, based on large models and VectorDB. Versions of Deep-Searcher 0.0.2 and earlier contain an access control vulnerability. This vulnerability stems from the operation of the CollectionRouter.invoke...
serialization 安全漏洞
Serialization is a data serialization and deserialization tool open source from Boost.org. Versions of serialization 1.91 and earlier have security vulnerabilities. These vulnerabilities stem from improper input validation by unknown functions for specified types, which may lead to remote attacks...
GL.iNet GL-MT3000 命令注入漏洞
GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number of 4.4.5 or earlier have a command injection vulnerability. This vulnerability stems from the incorrect handling of the parameter...
Tiobon Employee Self-Service System SQL注入漏洞
The Tiobon Employee Self-Service System is an enterprise employee self-service platform developed by Tiobon Corporation. Versions of the Tiobon Employee Self-Service System prior to 7.2 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter...
SecureAge CatchPulse 访问控制错误漏洞
SecureAge CatchPulse is a terminal security protection platform developed by SecureAge in Singapore, based on artificial intelligence and application white-list technology. Versions of SecureAge CatchPulse 10.9.1 and earlier contain an access control vulnerability. This vulnerability stems from...
MetaGPT 命令注入漏洞
MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the erroneous handling of the parameter mermaid.path in the function checkcmdexists found in the file...
JeeWMS 访问控制错误漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is an access control vulnerability in JeeWMS, which stems from issues with the handling of files in the /base-boot/actuator directory within the Boot Actuator Endpoint component. This vulnerability...
JeecgBoot 访问控制错误漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...
Comodo Internet Security 数字错误漏洞
Comodo Internet Security is a set of computer security software developed by the American company Comodo, primarily aimed at internet security. Comodo Internet Security has a digital error vulnerability; this vulnerability stems from an integer underflow in the IPv6 packet resolver within the...
GL.iNet GL-MT3000 命令注入漏洞
GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Versions of GL.iNet GL-MT3000 with a version number up to 4.4.5 have a command injection vulnerability. This vulnerability stems from an incorrect operation of the parameter ‘device’ ...
Jinher OA SQL注入漏洞
Jinher OA is a collaborative management software developed by Jinher Company in China. Version 1.0 of Jinher OA contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter httpOID in the file nextselectplan.aspx, which may lead to SQL injection...
Jinher OA C6 SQL注入漏洞
Jinher OA C6 is a digital office platform developed by Jinher Corporation. Jinher OA C6 has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ‘queryID’ in the file/C6/JHSoft.Web.ModuleCount/GetFormSn.aspx, an unknown function. An attacker can exploit...
TP-Link Tapo C520WS 安全漏洞
The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2 has a security vulnerability. This vulnerability stems from logical flaws in the device’s API authorization mechanism. Attackers could exploit this flaw to bypass the whitelist restrictions and ma...
WordPress plugin WP User Manager – User Profile Builder & Membership 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
go-fastdfs-web 代码问题漏洞
go-fastdfs-web is a web management platform for a distributed file storage system developed by Perfree’s individual developers. Versions of go-fastdfs-web prior to 1.3.7 have code vulnerabilities; these vulnerabilities stem from issues with the checkServer function in the Installation Endpoint...
WordPress plugin Simple SEO Slideshow 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
TP-Link Tapo C520WS 安全漏洞
The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a format string vulnerability in the ONVIF Subscribe service. Improper handling of parameters provided by external sources may...
WordPress plugin WPvivid Backup & Migration 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin SEO Plugin by Squirrly SEO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More 数据伪造问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Protocol::HTTP2 安全漏洞
Protocol::HTTP2 is a Ruby protocol library developed by CROX’s individual developers, which implements functions for encoding/decoding HTTP/2 protocols, frame handling, and connection management. Versions of Protocol::HTTP2 prior to 1.12 contained security vulnerabilities. These vulnerabilities...
WordPress plugin Click to Chat – WA Widget 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Express Payment For Stripe 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
iAI Lab PDF AI: Podcast, Notes, Slides 路径遍历漏洞
iAI Lab PDF AI: Podcast, Notes, Slides is an artificial intelligence-based PDF document analysis tool developed by iAI Lab. Version 4.21.0 of iAI Lab PDF AI: Podcast, Notes, Slides contains a path traversal vulnerability. This vulnerability arises from improper handling of the displayname paramet...
WordPress plugin MDJM Event Management 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be integrated...
OneDev 授权问题漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.5 have...
WordPress plugin Page-list 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin OptinCraft – Drag & Drop Optins & Popup Builder SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Essential Addons for Elementor – Popular Elementor Templates & Widgets 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin LearnPress – Backup & Migration Tool 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin LearnPress – Backup & Migration Tool 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Smart Slider 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
TP-Link Tapo C520WS 安全漏洞
The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the ONVIF DeleteUsers service. Insufficient bounds checking allows authenticated attackers to send...
WordPress plugin All-In-One Security (AIOS) – Security and Firewall 品跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
OneDev 授权问题漏洞
OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. OneDev versions 15.0.5 and earlier have...
TP-Link Tapo C520WS 安全漏洞
The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the ONVIF CreateUsers service. The device fails to correctly verify the number of XML user nodes, whi...
WordPress plugin EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Some...
WordPress plugin LearnPress – WordPress LMS Plugin for Create and Sell Online Courses 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
VERTEX 操作系统命令注入漏洞
VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...
WordPress plugin MapPress Maps for WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...