195539 matches found
InfiniStore 安全漏洞
InfiniStore is a high-performance Key-Value cache storage tool open-sourced by Bytedance Inc. Versions of InfiniStore 0.2.33 and earlier contain security vulnerabilities, which stem from an algorithmic complexity issue in the purgekvmap function of the KV Map Handler component’s src/infinistore.h...
OpenAI Atlas 安全漏洞
OpenAI Atlas is an AI browser developed by OpenAI in the United States, which integrates artificial intelligence assistants into the browsing experience. Versions of OpenAI Atlas prior to 1.2025.288.15 contained a security vulnerability. This vulnerability stemmed from exposing privileged browser...
Guardrails 安全漏洞
Guardrails is a Python framework open source by Guardrails AI. Version 0.10.1 of Guardrails contains a security vulnerability. This vulnerability stems from the release of a malicious version to PyPI, which may cause damage to user systems...
SourceCodester Ship Ferry Ticket Reservation SQL注入漏洞
SourceCodester Ship Ferry Ticket Reservation is an open-source ticket reservation service developed by SourceCodester. Versions of SourceCodester Ship Ferry Ticket Reservation prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the Username...
Arista EOS和Arista CloudVision eXchange 安全漏洞
Arista EOS and Arista CloudVision eXchange are both products of the American company Arista. Arista EOS is a fully programmable, highly modular Linux-based network operating system. Arista CloudVision eXchange is a control plane switching platform designed for data centers and enterprise networks...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...
Redline WR3200 安全漏洞
The Redline WR3200 is a Wi-Fi 4 router from the Turkish company Redline, capable of supporting 300Mbps wireless transmission. The Redline WR3200 versions from 7.1.3 to 7.1.8 have security vulnerabilities. These vulnerabilities stem from improper authentication, lack of authentication for critical...
Open XDMoD SQL注入漏洞
Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 10.0.3 contained a SQL injection vulnerability. This vulnerability allows unauthenticated remote attackers to execute arbitrary S...
SAMSUNG Members 安全漏洞
Samsung Members is a community platform app developed by South Korea’s Samsung Corporation. Versions of Samsung Members prior to 5.8.01.5 contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow local attackers to use Samsung Members...
Markdown Preview Enhanced 操作系统命令注入漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained a vulnerability related to operating system command injection. This vulnerability stemmed from opening external files and links via the shell...
HCL Digital Experience Compose 安全漏洞
HCL Digital Experience Compose is an enterprise-level content creation and digital experience management platform developed by the Indian company HCL. HCL Digital Experience Compose has a security vulnerability, which stems from a reflection-type cross-site scripting issue in the search center...
Linqi 安全漏洞
Linqi is an English speaking practice platform developed by the German company Linqi. The platform combines human language interaction with AI feedback. Linqi has a security vulnerability, which stems from the lack of authorized checks. As a result, any authenticated user can read and write...
Linqi 安全漏洞
Linqi is an English speaking practice platform developed by the German company Linqi. There is a security vulnerability in Linqi, which stems from improper authentication at the/api/Cdn/GetFile endpoint. This allows unauthorized remote attackers to bypass file access controls, but the actual...
Termix 操作系统命令注入漏洞
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained an operating system command injection vulnerability. This vulnerability stemmed from the GET /ssh/filemanager/ssh/resolvePath endpoint using double quotes to escape shel...
Markdown Preview Enhanced 安全漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...
WordPress plugin Alba Board 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
HAX 操作系统命令注入漏洞
HAX is an open-source microsite developed by HAX The Web, managed using PHP as the backend. Versions of HAX prior to 26.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from an authenticated file overwrite vulnerability, which could allow...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability. This vulnerability arises from administrators with delegated access rights to read group member identities and user information. They can bypass user profile permission...
Lyrion Music Server 跨站脚本漏洞
Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated reflective cross-site scripting vulnerability present in the server.log endpoint,...
Ansible 参数注入漏洞
Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...
UDS Identity Config 安全漏洞
UDS Identity Config is a Keycloak configuration image building tool developed by Defense Unicorns. Versions 0.11.0 to 0.26.0 of UDS Identity Config contain security vulnerabilities. These vulnerabilities stem from logical errors in the client-kubernetes-secret Keycloak authentication handler. Thi...
7-Zip 安全漏洞
7-Zip is an open-source compression software developed by 7-Zip. Versions 9.18 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from sparse filling of index arrays in the SquashFS archive processor, which allows for uninitialized heap reads, potentially leading to...
HelloTalk 安全漏洞
HelloTalk is a language exchange and social learning app developed by HelloTalk Corporation. Versions of HelloTalk 3.4.1 and earlier contained a security vulnerability. This vulnerability stemmed from the storage of full-precision GPS coordinates. Even if users intended to only share their countr...
libinput 安全漏洞
libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. There is a security vulnerability in libinput, which stems from the ability to inject arbitrary udev properties through the...
7-Zip 缓冲区错误漏洞
7-Zip is an open-source compression software developed by 7-Zip. Versions 9.34 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from improper handling of WIM archive processors’ security descriptor lookups, leading to out-of-bounds read attacks, which may result in...
Lyrion Music Server 跨站脚本漏洞
Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated storage-based cross-site scripting flaw present in the log viewer, which may allow...
WordPress plugin WP Captcha PRO 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Termix 操作系统命令注入漏洞
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the POST /ssh/tunnel/connect endpoint, which directly inserted the...
Termix 安全漏洞
Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure handling of path parameters by the GET /ssh/filemanager/ssh/resolvePath endpoint, which caused...
SAMSUNG Assistant 安全漏洞
SAMSUNG Assistant is a device assistance component developed by South Korean company Samsung. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the SmartHomeWidgetReceiver component, which could allow local...
D-Link DWR-M920 操作系统命令注入漏洞
The D-Link DWR-M920 is a router produced by D-Link Corporation. Versions of the D-Link DWR-M920 prior to 1.1.50 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of the IMEIvalue parameter in the sub412DA0 function found in...
Tenda FH451 安全漏洞
The Tenda FH451 is a router produced by the Chinese company Tenda. The version Tenda FH451 V1.0.0.9 contains a security vulnerability. This vulnerability stems from a stack overflow issue with the page parameter in the fromDhcpListClient function, which could allow attackers to cause...
HAXCMS 代码问题漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had code-related vulnerabilities. These vulnerabilities stemmed from improper session termination, which could allow attackers to obtain valid tokens and gain persistent access to...
Linqi 安全漏洞
Linqi is an English speaking practice platform developed by the German company Linqi. Linqi has a security vulnerability, which stems from a server-side request forgeing vulnerability in the custom process creation function. This vulnerability allows authenticated attackers to detect internal...
HAXCMS 输入验证错误漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from unvalidated site creation requests, which could allow authenticated attackers to send...
CollegeManagementSystem 代码问题漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are code vulnerabilities in CollegeManagementSystem. These vulnerabilities stem from improper handling of the Student-Data-CSV parameter in the...
7-Zip 缓冲区错误漏洞
7-Zip is an open-source compression software developed by 7-Zip. Versions 9.34 to 26.00 of 7-Zip contained a buffer error vulnerability, which was caused by an integer overflow in SquashFS fragment offsets. This vulnerability could allow attackers to manipulate node offset values to bypass fragme...
Mimecast Incydr 安全漏洞
Mimecast Incydr is a cloud-native internal risk management and data protection platform developed by Mimecast Corporation in the United States. Versions of Mimecast Incydr prior to version 2.6.0 contained security vulnerabilities that could lead to arbitrary file access...
HAXCMS 安全漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of the video-player component, which could allow attackers to execute arbitrary JavaScript in th...
OpenDaylight 安全漏洞
OpenDaylight ODL is an open-source SDN controller developed under the OpenDaylight project. OpenDaylight v12.0.5 contains a security vulnerability, which stems from issues with the cluster-admin:backup-datastore component. This vulnerability could allow attackers to perform directory traversal...
Lyrion Music Server 跨站脚本漏洞
Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability present in the media file metadata tags, which...
Amazon Web Services JDBC Driver 安全漏洞
The Amazon Web Services JDBC Driver is an open-source Go language wrapper developed by Amazon Web Services. There is a security vulnerability in the Amazon Web Services JDBC Driver, which stems from an unreliable search path issue in the GlobalDatabasePlugin. This vulnerability allows remote,...
SAMSUNG Assistant 安全漏洞
SAMSUNG Assistant is a device assistance component developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the ExpressHomeWidgetReceiver component, which could allow loc...
7-Zip 安全漏洞
7-Zip is a compression software developed under open source. Versions 9.21 to 26.00 of 7-Zip contain security vulnerabilities. These vulnerabilities stem from a memory leak in the UEFI parser, which allows attackers to exploit the uninitialized memory by truncating files, thereby exposing unread...
Altium Enterprise Server 安全漏洞
Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in Altium Enterprise Server. This vulnerability stems from improper handling of file names provided to users, leading to path traversal attacks...
Moby 代码问题漏洞
Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to v2.0.0-beta.14 contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect order of...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. Version...
MoviePilot 路径遍历漏洞
MoviePilot is an automated film resource management tool developed by jxxghp. MoviePilot has a path traversal vulnerability, which stems from path traversal within the AliPan, U115, and Rclone cloud storage download processors. This vulnerability allows attackers to manipulate the file names...
CollegeManagementSystem 授权问题漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...
Open XDMoD 访问控制错误漏洞
Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...