195539 matches found
HCL iControl 安全漏洞
HCL iControl is an IT infrastructure monitoring and automation platform developed by HCL Company in India. HCL iControl has a security vulnerability that stems from the absence of security headers, which may lead to cross-site scripting attacks...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. MISP has a security vulnerability that...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the fact that the web management panel is widely bound to the public IPv6 address space at port :::8080, with no default firewa...
Tautulli 安全漏洞
Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from exposing the logjserrors endpoint to any authenticated user. Attackers were able to directly...
Iris 安全漏洞
Iris is a fast, simple, yet fully functional and highly efficient Go web framework developed under the DFIR-IRIS open source project. Versions of IRIS prior to 2.4.28 contained security vulnerabilities; these vulnerabilities stemmed from the use of the HTTP GET method to alter server state, makin...
GNCC GP5 安全漏洞
GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from a lack of runtime integrity checks, which may allow physical proximity attackers to bypass the file system’s read-only protection and...
CoreShop 代码注入漏洞
CoreShop is an open-source e-commerce system developed by CoreShop. Versions 5.0.1 to 5.1.0-beta.1 of CoreShop have a code injection vulnerability. This vulnerability arises from the GitHub Actions workflow using pullrequesttarget to trigger and inspect unvalidated code, potentially allowing remo...
WordPress plugin SP Project & Document Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Hostel Management System 安全漏洞
Hostel Management System is a dormitory management tool developed by LAKSHAY DHOUNDIYAL. The Hostel Management System f87e67c283bab6f718faf2fec6ae39a13bd7036b and previous versions have security vulnerabilities. These vulnerabilities stem from unknown processing of parameter IDs in the Admin...
Mobatek MobaXterm 安全漏洞
Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. Version 12.1 of Mobatek MobaXterm contains a security vulnerability. This vulnerability stems from a buffer overflow in the structured...
MISP 安全漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analysis of threats to network security and malware analysis. MISP has a security vulnerability...
wordpress plugin Contact Form 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
HCL BigFix Cloud Lifecycle Management 安全漏洞
HCL BigFix Cloud Lifecycle Management is a terminal lifecycle management platform developed by the Indian company HCL. HCL BigFix Cloud Lifecycle Management has a security vulnerability, which stems from insufficient input validation. This vulnerability may lead to information leaks and allow...
Net::Async::Statsd::Client 安全漏洞
Net::Async::Statsd::Client is an asynchronous StatsD client library open sourced by TEAM. Versions of Net::Async::Statsd::Client 0.005 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of checks for line breaks, colons, or pipes in metric names, which may allo...
Keystone 安全漏洞
Keystone is a powerful CMS developed by OpenStack. It helps you build and expand faster than any other CMS or application framework. Keystone versions prior to 20260319 have security vulnerabilities. These vulnerabilities stem from unknown code in the...
quic-go 安全漏洞
Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...
Neterbit NW-431F Router 安全漏洞
The Neterbit NW-431F Router is a 4G LTE wireless router produced by the Neterbit company. The Neterbit NW-431F Router versions 20241014-IR03 and earlier has a security vulnerability. This vulnerability stems from the network diagnostic module not properly cleaning up user input, which may lead to...
HTML::Parser 安全漏洞
HTML::Parser is a tool for parsing HTML documents and separating markup from content, developed as open source by libwww-perl. Versions of HTML::Parser prior to 3.84 contained security vulnerabilities. These vulnerabilities stemmed from the XS routine’s cache pointing to the SV pointer in the...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability caused by uncontrolled recursion, which could lead to th...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability due to out-of-bound writing, which could lead to buffer...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability due to an excessive memory allocation size value, which...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie, eae37633fda13ac05b25c6c95aacea4bc33c80a3, contained security vulnerabilities. These...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability due to out-of-bound reading, which could lead to excessi...
Nsasoft NetShareWatcher 安全漏洞
Nsasoft NetShareWatcher is a security auditing tool developed by the US company Nsasoft. Version 1.5.8.0 of Nsasoft NetShareWatcher contains a security vulnerability. This vulnerability stems from a buffer overflow in the structured exception handler, which could allow local attackers to execute...
Red Hat OpenShift Pipelines 权限许可和访问控制问题漏洞
Red Hat OpenShift Pipelines is a Kubernetes-native continuous integration and continuous delivery platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift Pipelines. This vulnerability stems from the ClusterRoleBinding for tekton-scheduler-rolebinding granting the...
SAMSUNG rLottie 安全漏洞
SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. There is a security vulnerability in SAMSUNG rLottie, which stems from integer overflows or circular errors, potentially...
Projectworlds Online Art Gallery Shop Project SQL注入漏洞
Projectworlds Online Art Gallery Shop Project is a online art gallery store project developed by the Projectworlds team. Version 1.0 of Projectworlds Online Art Gallery Shop Project has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file admin/adminHome.p...
itsourcecode Fees Management System SQL注入漏洞
itsourcecode Fees Management System is an open-source charging management system developed by itsourcecode. Version 1.0 of the itsourcecode Fees Management System has a SQL injection vulnerability. This vulnerability arises from unknown functions in the /managestudent.php file, which manipulate...
T3 Technology CPE models 安全漏洞
T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. There are security vulnerabilities in the T3 Technology CPE models version 1.0.07 and the T6825G version 1.0.03. These vulnerabilities stem from unrecorded debug CGI endpoints,...
SQLite sqldiff 安全漏洞
SQLite sqldiff is an open-source SQLite database difference comparison tool developed by SQLite. SQLite sqldiff has a security vulnerability, which stems from the improper handling of Unicode characters during the conversion to ANSI code pages at the Windows C runtime. Attackers can load arbitrar...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that when configuring OpenConfig, a gNMI Set request that should be rejected may still be...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded nature of the APK resource files, which are never expired and share credentials, potentially leading to informati...
Cisco Catalyst SD-WAN Manager 安全漏洞
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from insufficient user...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from overly permissive configuration settings of the cloud storage container. This vulnerability may lead to the unauthorized disclosure of activ...
OSNexus QuantaStor SDS Manager 安全漏洞
OSNexus QuantaStor SDS Manager is a software-defined storage management platform developed by the American company OSNexus. There is a security vulnerability in OSNexus QuantaStor SDS Manager. This vulnerability stems from improper cleaning of the user name field in the login endpoint, allowing...
Seagull BarTender 代码问题漏洞
Seagull BarTender is an enterprise-level labeling, barcode, and RFID design and printing software developed by Seagull Corporation in the United States. Versions of Seagull BarTender from 2.1 to 12.1.1 contain code-related vulnerabilities. These vulnerabilities stem from insecure deserialization...
netty-incubator-codec-ohttp 安全特征问题漏洞
netty-incubator-codec-ohttp is an application developed by the Netty community. Versions prior to 0.0.21.Final of netty-incubator-codec-ohttp contain a security vulnerability. This vulnerability arises from returning a non-empty value when HKDF-expand fails, which may lead to the use of a key wit...
Iris 安全漏洞
Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were due to the possibility of redirecting users to malicious websites through abuse...
MLflow 安全漏洞
MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLflow 3.10.0 and earlier contain security vulnerabilities. These vulnerabilities ste...
PHP EI-Tube Script SQL注入漏洞
The PHP EI-Tube Script is a video website construction system developed by Elis Atef. The PHP EI-Tube Script has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the search parameter, which may allow unauthenticated attackers to execute arbitrary SQL...
Tautulli 安全漏洞
Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from the configUpdate endpoint not enforcing the POST method and not using a CSRF token...
WordPress plugin Photo Gallery by 10Web SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
GNCC GP5 安全漏洞
GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the use of a weak hash algorithm to protect the root password, which may allow attackers to obtain root credentials through brute-for...
Froxlor 注入漏洞
Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor 2.3.6 and earlier contained an injection vulnerability. This vulnerability stemmed from the LOC record’s regular expression matching of line breaks, and the unlimited TLSA validation, whi...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the debugging routine SCREENCLICK5053, which allows connections to completely bypass standard device login prompts and directly...
WordPress plugin Zoner Real Estate 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application. It is used to configure bare machines rather than virtual machines. Versions of OpenStack Ironic prior to 35.0.2 contained a security vulnerability. This vulnerability stemmed from allowing malicious project administrators or managers to re...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that when configuring OpenConfig, a gNMI Set request that should be rejected may still be...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. Prior to version 35.0.2 of OpenStack Ironic, there was a security vulnerability that occurred due to the use of speciall...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from legacy engineering designs and factory-level diagnostic software. This vulnerability may allow malicious applications to gain access to the...