195539 matches found
HAX CMS PHP 代码问题漏洞
HAXCMS is an open-source content management system developed by HAX The Web. There were code vulnerabilities in HAX CMS versions from 11.0.6 to 25.0.0. These vulnerabilities stemmed from the file upload feature, which used regular expressions to validate file extensions but did not check the actu...
CollegeManagementSystem SQL注入漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. CollegeManagementSystem has a SQL injection vulnerability. This vulnerability arises from improper handling of the departmentcode parameter in the...
Morse Micro HaLowLink 安全漏洞
Morse Micro HaLowLink is a series of long-range wireless gateway devices developed by Morse Micro Corporation. Versions of Morse Micro HaLowLink prior to 2.2.11.13 contained security vulnerabilities. These vulnerabilities stemmed from the use of the IE length field as the size parameter for the...
Ericsson Packet Core Gateway 安全漏洞
Ericsson Packet Core Gateway is a data packet gateway platform for mobile communication core networks developed by the Swedish company Ericsson. Versions of Ericsson Packet Core Gateway prior to version 1.30 contained security vulnerabilities. These vulnerabilities stemmed from improper handling ...
CollegeManagementSystem 代码注入漏洞
CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. CollegeManagementSystem has a code injection vulnerability. This vulnerability stems from improper handling of the departmentname parameter in the...
Arcadia Crafty Controller 安全漏洞
Arcadia Crafty Controller is a server management panel developed under the open-source Crafty Controller project. There is a security vulnerability in Arcadia Crafty Controller. This vulnerability stems from a lack of resilience to unexpected messages from connection switches, which may lead to...
joomlacontenteditor.net Joomla Content Editor (JCE) extension for Joomla 权限许可和访问控制问题漏洞
JCE Joomla Component is an editor component used within the Joomla content management system. The JCE Joomla Component has a security vulnerability related to access control. This vulnerability stems from allowing unauthenticated users to create new editor profiles, ultimately leading to the uplo...
HAX 安全漏洞
HAX is an open-source microsite managed using HAX+CMS with a PHP backend. There were security vulnerabilities in HAX CMS PHP versions prior to 26.0.0. These vulnerabilities stemmed from an authentication-based local file inclusion vulnerability in the saveOutline endpoint, which could allow...
Ericsson Packet Core Controller 安全漏洞
Ericsson Packet Core Controller is a packet core controller developed by the Swedish company Ericsson. Versions of Ericsson Packet Core Controller prior to version 1.39 contained security vulnerabilities; these vulnerabilities could lead to service degradation due to the sending of large numbers ...
SAMSUNG Auto Android 安全漏洞
Samsung Auto Android is a mobile screen mirroring and intelligent driving assistant platform developed by South Korea’s Samsung Corporation for use in vehicle scenarios. There were security vulnerabilities in versions prior to 3.1.2.61 of Samsung Auto Android 15, as well as versions prior to...
RIELLO UPS NetMan 访问控制错误漏洞
RIELLO UPS NetMan is a network adapter developed by the Italian company RIELLO UPS. The RIELLO UPS NetMan 204 has a vulnerability related to access control. This vulnerability arises from the lack of authentication for management pages and command endpoints. Unauthenticated remote attackers can...
Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞
Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...
Altium Enterprise Server 安全漏洞
Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. There is a security vulnerability in the Altium Enterprise Server Network Installation Service. This vulnerability stems from path traversal, allowing unauthenticated network...
7-Zip 缓冲区错误漏洞
7-Zip is an open-source compression software developed by 7-Zip. Versions of 7-Zip 26.00 and earlier contained a buffer error vulnerability. This vulnerability stemmed from insufficient allocation of the NTFS compression stream buffer, which could allow attackers to execute arbitrary code or caus...
X.Org Server 资源管理错误漏洞
X.Org is open-source free software developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland, which defines the way communication between display servers and clients takes place. There is a resource management vulnerability in X.Org X Server and...
X.Org Server 资源管理错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication methods between the display server and its clients. There are resource management vulnerabilities in both...
X.Org XWayland 缓冲区错误漏洞
The X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. Both the X.Org X Server and Xwayland have security...
X.Org Server 缓冲区错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. Both X.Org X Server and Xwayland have buffer error...
X.Org Server 缓冲区错误漏洞
X.Org is open-source free software developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines how communication between display servers and clients occurs. There are buffer overflow vulnerabilities in the X.Org X server and Xwayland,...
X.Org Server 资源管理错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. There are resource management vulnerabilities in both...
X.Org Server 资源管理错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. There are resource management vulnerabilities in both...
X.Org Server 缓冲区错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. Both X.Org X Server and Xwayland have security...
X.Org Server 缓冲区错误漏洞
X.Org X Server is an X Window system display server developed by the X.Org Foundation. Xwayland is an open-source communication protocol developed by Xwayland that defines the communication method between the display server and its clients. Both X.Org X Server and Xwayland have security...
DBI 安全漏洞
DBI is a Perl database interface tool developed under the open-source license of perl5-dbi. Versions of DBI prior to 1.648 contained security vulnerabilities; these vulnerabilities stemmed from heap overflows that occurred when pre-resolving SQL statements involving more than nine binders...
Moby 代码问题漏洞
Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to v2.0.0-beta.14 contained code-related vulnerabilities. These vulnerabilities stemmed from incorrect order of...
Graphite-Web 数字错误漏洞
Graphite-Web is a highly scalable real-time plotting system developed by the Graphite Project. Versions of Graphite-Web prior to 1.3.15 contained a numerical error vulnerability. This vulnerability stemmed from integer underflow and out-of-bounds writes, as slotat did not ensure that the offset w...
Internationalized Domain Names in Applications 安全漏洞
Internationalized Domain Names in Applications is a tool for encoding and decoding internationalized domain names, developed by Kim Davies as a personal project. Versions of Internationalized Domain Names in Applications prior to version 3.15 contained a security vulnerability. This vulnerability...
7-Zip 缓冲区错误漏洞
7-Zip is an open-source compression software developed by 7-Zip. Versions 9.11 to 26.00 of 7-Zip contain a buffer error vulnerability. This vulnerability stems from the File Identifier Descriptor parser in the UDF disc image processor, where a heap out-of-bounds read occurs, potentially leading t...
FOSSBilling 安全漏洞
FOSSBilling is an open-source billing and customer management platform for hosting service providers and digital service providers. Versions of FOSSBilling prior to 0.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the password reset confirmation endpoint being...
Morse Micro HaLowLink 安全漏洞
Morse Micro HaLowLink is a series of long-range wireless gateway devices developed by Morse Micro Corporation. Versions of Morse Micro HaLowLink prior to 2.2.11.12 contained security vulnerabilities. These vulnerabilities stemmed from the Morse.vk HaLow Wi-Fi kernel driver, where the...
OpenStack Mistral-Dashboard 安全漏洞
OpenStack Mistral-Dashboard is an open-source graphical interface plugin for OpenStack. OpenStack Mistral-Dashboard versions 22.0.0 and earlier have security vulnerabilities. These vulnerabilities stem from exposed API endpoints that allow code execution, potentially leading to exposure of servic...
Zuz Music 跨站脚本漏洞
Zuz Music is an online music streaming platform system developed by Zuz Corporation. Version 2.1 of Zuz Music contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious JavaScript through submitting specially crafted form data, potentially allowing...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS. This vulnerability arises when configuring IPsec, where specially crafted packets may cause the data plane to stop...
libpng 安全漏洞
libpng is an open-source PNG reference library developed by The PNG Development Group. It allows for the creation, reading, and writing of PNG graphic files. Version 1.8.0 of LIBPNG contains a security vulnerability. This vulnerability stems from the inter-frame block discard path in the...
stumasy 代码问题漏洞
Stumasy is a student performance management and analysis system developed by Marejean Chernyak. Stumasy has code vulnerabilities; these vulnerabilities arise from an unknown function in the application/PHP/objects/updates/addpost.php file, which allows unlimited uploads due to improper handling o...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the FieldX MDM adb messaging topic directly passing unvalidated payloads to Runtime.exec, potentially leading to command injection...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the AES-128-CBC key that is fixed in the AcerConnect OTA application. It may allow attackers to forge authorization credentials...
Microsoft Copilot Chat (Microsoft Edge) 输入验证错误漏洞
Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a injection vulnerability, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability...
Neterbit NW-431F Router 安全漏洞
The Neterbit NW-431F Router is a 4G LTE wireless router produced by the Neterbit company. The Neterbit NW-431F Router versions 20241014-IR03 and earlier has a security vulnerability. This vulnerability stems from the use of weak/predictable Cookie values for authentication. Attackers can bypass t...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability...
WordPress plugin MasterStudy LMS Pro Plus SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
T3 Technology CPE models 安全漏洞
T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. The T3 Technology CPE models, including versions v1.0.07, T6825G v1.0.03, and T7281 v1.0.03, contain security vulnerabilities. These vulnerabilities stem from the hardcoded...
GX Group Earth 2022 ONT 安全漏洞
GX Group Earth 2022 ONT is an FTTH optical network terminal device developed by the Turkish company GX Group. There is a security vulnerability present in the GX Group Earth 2022 ONT. This vulnerability stems from the presence of a hard-coded RSA private key in the device’s firmware. This could...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the system log files outputting unencrypted SMTP server authentication passwords and sensitive employee corporate identity data...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a security vulnerability tha...
stumasy 代码问题漏洞
Stumasy is a student performance management and analysis system developed by Marejean Chernyak. Stumasy has code vulnerabilities; these vulnerabilities arise from the operation of an unknown function in the application/PHP/objects/profiles/changeprofileimage.php file, which leads to unlimited...
HCL iControl 安全漏洞
HCL iControl is an IT infrastructure monitoring and automation platform developed by the Indian company HCL. HCL iControl has a security vulnerability, which stems from weak input validation. This issue arises due to incorrect validation of input types during the implementation of architectural...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from failing to properly evaluate the command permissions of multiple internal opcodes. This vulnerability may allow unauthorized applications to...
GPTCache 安全漏洞
GPTCache is a library open-sourced by Zilliz for creating semantic caching for large model queries. Versions of GPTCache 0.1.44 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of a weak hash function in the BufferedReader.peek function of the Cache Key Handle...
BACnet Stack 安全漏洞
BACnet Stack is an open-source protocol stack for BACnet, suitable for embedded systems, Linux, MacOS, BSD, and Windows. Version 1.3.1 of BACnet Stack contains a security vulnerability; this vulnerability stems from an out-of-bound read operation in bacnettagnumberdecode, which may lead to...