195539 matches found
Hermes Web UI 访问控制错误漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.358 contained an access control vulnerability. This vulnerability stemmed from improper access control measures, allowing unauthorized remote attackers to initial...
Neuron Golem OEE MES 路径遍历漏洞
Neuron Golem OEE MES is a manufacturing execution system and equipment integrated efficiency management platform developed by the Polish company Neuron. The Neuron Golem OEE MES has a path traversal vulnerability, which stems from a path traversal flaw. This vulnerability could allow attackers...
Netty 访问控制错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained an access control vulnerability. This vulnerabilit...
SolidInvoice 跨站脚本漏洞
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...
CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞
CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...
Limatek LimRAD NAC 代码问题漏洞
Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...
Guzzle 输入验证错误漏洞
Guzzle is a PHP HTTP client developed by the guzzlehttp developer. It allows for easy sending of HTTP requests and seamless integration with web services. Prior to Guzzle 2.10.2, there was a vulnerability related to input validation errors. This vulnerability stemmed from improper validation of...
WordPress plugin Soledad 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions of Apple macOS such as Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. These vulnerabilities stem from insufficient checks, which may allow...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the /automod add, /automod remove, and /automod list commands not having the required...
Axios 安全漏洞
Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.16.0 had security vulnerabilities. These vulnerabilities were caused by prototype pollution attacks, which could lead to the Object.prototype in the application dependency tree being polluted, resulting in...
Brickcom多款产品 安全漏洞
Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...
WordPress plugin Contact Form and Lead Form Elementor Builder 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
VMware Spring Web Services 加密问题漏洞
VMware Spring Web Services is a SOAP web service development framework provided by the American company VMware. There are vulnerabilities related to encryption in VMware Spring Web Services versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8. These vulnerabilities stem fr...
OpenClaw 权限许可和访问控制问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.20 contained security vulnerabilities. These vulnerabilities were caused by permission escalation issues, where hooks triggered proxy operations that incorrectly received MCP...
VMware Spring Boot 安全漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...
IBM i 代码问题漏洞
IBM i is an operating system developed by the American International Business Machines IBM company, which runs on IBM Power Systems and IBM PureSystems. Versions 7.6, 7.5, 7.4, and 7.3 of IBM i have code vulnerabilities. These vulnerabilities stem from unconstrained library calls, which may allow...
CyberArk Idira Secrets Manager Self-Hosted 访问控制错误漏洞
CyberArk Idira Secrets Manager Self-Hosted is an enterprise-level confidential information management platform developed by the CyberArk company. Versions of CyberArk Idira Secrets Manager Self-Hosted prior to 13.8.0 contained a access control vulnerability. This vulnerability stemmed from improp...
openSIS Classic 安全漏洞
openSIS Classic is an easy-to-use student information system developed under Open Solutions for Education. It is used to organize student information and school-related operations, thereby improving the efficiency of K-12, trade schools, and higher education school systems. Version 9.3 of openSIS...
GitLab 资源管理错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 12.0, 18.10.8, 18.11.5, and 19.0.2...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.24 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass issue in the MCP loopback function, allowing unauthorized users to circumvent t...
vLLM 资源管理错误漏洞
vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Version vLLM 0.8.0 and later contain a resource management vulnerability. This vulnerability stems from the unlimited frame counting in the VideoMediaIO.loadbase64...
Keras 路径遍历漏洞
Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...
WordPress plugin WP Logo Showcase Responsive Slider and Carousel 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 149.0.7827.115, there was a resource management vulnerability that stemmed from issues with reusing resources after their release in the Media component. This vulnerability could allow remote attackers to exploit heap...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 15.9, 18.10.8, 18.11.5, and 19.0.2...
VMware Spring Boot 信任管理问题漏洞
VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities related to trust management in versions of VMware Spring Boot 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, and 3.4.0 to 3.4.16. These vulnerabilities stem from the automatic email...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by a heap buffer overflow in the GPU. This vulnerability could allow a remote attacker with access to the renderer process to execute a sandbox escap...
ClipBucket V5 SQL注入漏洞
ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3–129 contained a SQL injection vulnerability. This vulnerability stems from a blind SQL injection vulnerability in the actions/progressvideo.php endpoint, which could...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.1.135.Final and 4.2.15.Final contained a resource management vulnerability. This...
CyberArk Idira Secrets Manager SaaS Edge 访问控制错误漏洞
CyberArk Idira Secrets Manager SaaS Edge is a distributed confidential access node component offered by the American company CyberArk. Versions of CyberArk Idira Secrets Manager SaaS Edge prior to version 1.8 contained an access control vulnerability. This vulnerability stemmed from improper acce...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from insufficient source verification in node event handling, allowing paired nodes to forge exec lifecycle...
OpenClaw 权限许可和访问控制问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...
FPDI 资源管理错误漏洞
FPDI is an open-source PDF reading software developed by Setasign GmbH & Co. KG. Versions of FPDI prior to 2.6.7 contained a resource management vulnerability. This vulnerability allowed attackers to upload malicious PDF files, causing server-side scripts to crash due to memory exhaustion or scri...
WordPress plugin Product Filter by WBW SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
OpenClaw 代码问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.25 had code vulnerabilities, stemming from path traversal issues during the loading of memory core artifacts. The state of the workspace affected the resolution of local package...
WordPress plugin WpEvently 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
VMware Spring Web Services 授权问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...
Cerebrate 信息泄露漏洞
Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.3 contained security vulnerabilities. These vulnerabilities stemmed from improper deployment of workflow condition checks. This allowed attackers to construct...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Video component involving reusing resources after they were released. It could allow remote...
Weblate 代码问题漏洞
Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 2026.6 had code-related vulnerabilities. These vulnerabilities stemmed from the improper handling of some transition IPv6 ranges, multicast addresses, and partially...
OpenVPN ovpn-dco-win 安全漏洞
OpenVPN ovpn-dco-win is a virtual network adapter for Windows developed by OpenVPN. There are security vulnerabilities in versions 2.0.0 to 2.8.3 of OpenVPN ovpn-dco-win. These vulnerabilities stem from errors in buffer size calculations by the epoch key generator, which may allow remotely...
simpleble 安全漏洞
SimpleBLE is an open-source cross-platform Bluetooth low-power library and multilingual binding tool developed by SimpleBLE. Versions of SimpleBLE prior to 0.14.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack overflow issue in the dongl backend’s...
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.5.0 contained a security vulnerability. This vulnerability stemmed from the use of MerkleRadixTrie::putchunk, which allowed remote unauthenticated attackers to cause nodes that synchronize...
libp2p 输入验证错误漏洞
libp2p is a modular peer-to-peer network framework developed under the open-source license. Prior to version 16.2.6, libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from unverified remote peers being able to send unlimited PUTVALUE messages, which could...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source JavaScript library for handling exceptions, developed by Erlang/OTP. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP erts prior to 15.2.7.9, as well as in versions 16.4.0.2 and...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-49 and 7.1.2-24 contained security vulnerabilities. These vulnerabilities were due ...
VMware Spring Data Commons 资源管理错误漏洞
VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.5.0 and earlier, 3.4.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 3.1.0 and earlier, 3.0.0 and...