195539 matches found
LibreChat 安全漏洞
LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within one interface. LibreChat versions 0.8.3 and earlier have a security vulnerability caused by improper access control to the MCP...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where functions return errors that include the input within the error message. This allows attackers ...
Seagate openSeaChest 安全漏洞
Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. The version of Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from an out-of-bounds write operation during the --showSupportedFormats comman...
BlenderMCP 代码注入漏洞
BlenderMCP is a 3D modeling control tool developed by ahujasid that connects Blender with AI. Versions of BlenderMCP 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b and earlier have a code injection vulnerability. This vulnerability stems from the handling of the code parameter in the executeblendercode...
Libwebsockets 安全漏洞
Libwebsockets is a standardized network library open-sourced by the lws-team. Versions of Libwebsockets 4.5.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lwssshParseplaintext function in the SSH Protocol Handler component’s plugins/protocollwssshbase/sshd.c...
Dräger Protector Software 安全漏洞
Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...
authentik 授权问题漏洞
Authentik is an open-source identity provisioning application. Versions of Authentik before 2025.12.6, 2026.2.4, and 2026.5.1 have vulnerabilities related to authorization. These vulnerabilities stem from the possibility of sending empty POST requests, which may bypass the authentication phase...
Dräger Infinity Acute Care System和Dräger Standalone Infinity M540 patient monitor 数据伪造问题漏洞
The Dräger Infinity Acute Care System and the Dräger Standalone Infinity M540 patient monitor are both products of the German company Dräger. The Dräger Infinity Acute Care System is an emergency monitoring platform that integrates patient monitoring, clinical workstations, and medical informatio...
BrowserStack Runner 路径遍历漏洞
BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a path traversal vulnerability. This vulnerability originated from the default HTTP handler in lib/server.js, which allowed for path traversa...
BrowserStack Runner 代码注入漏洞
BrowserStack Runner is an open-source browser testing command-line tool developed by BrowserStack. Versions of BrowserStack Runner prior to 0.9.5 contained a code injection vulnerability. This vulnerability stems from the log HTTP handler, where data provided by users is passed to...
National Instruments Ni-Pal 安全漏洞
National Instruments Ni-Pal is a software component of the American company National Instruments. It serves to provide necessary functions for multiple NI drivers. National Instruments Ni-Pal versions prior to 26.3.0 contain security vulnerabilities. These vulnerabilities stem from improper input...
GLPI 跨站脚本漏洞
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...
SourceCodester Human Resource Management 安全漏洞
SourceCodester Human Resource Management is an open-source human resource management system developed by SourceCodester. Version 1.0 of SourceCodester Human Resource Management contains a security vulnerability. This vulnerability stems from the handling of the parameter employeeid in the Employe...
Medplum 代码问题漏洞
Medplum is an open-source platform for rapid development of medical applications. Versions of Medplum prior to 5.1.14 contained code-related vulnerabilities. These vulnerabilities stemmed from a server-side request forgeing vulnerability present in subscription workers, which could allow...
Tesla 安全漏洞
Tesla is an electric vehicle produced by the American company Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities were due to Tesla.Multipart.addcontenttypeparam/2 not verifying CR or LF characters, which could lead to HTTP header injection...
Tesla 安全漏洞
Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 1.4.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-sensitive string comparisons in handling security-sensitive headers. This could lead to credential leakage to...
Code-Projects Student Admission System SQL注入漏洞
Code-Projects Student Admission System is an open-source student admission system developed by Code-Projects. Version 1.0 of the Code-Projects Student Admission System has a SQL injection vulnerability. This vulnerability stems from the operation of parameters eid/did in the file/index.php, which...
react-router 输入验证错误漏洞
react-router is a declarative routing library for React, open-sourced by Remix. There were input validation vulnerabilities in the versions of react-router from 7.0.0 to 7.14.0, and from 6.7.0 to 6.30.3. These vulnerabilities stemmed from the fact that path values starting with “//” were...
Pterodactyl Panel 安全漏洞
Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...
wireapp wire-ios 数字错误漏洞
wire-ios is the client layer that handles all data displayed in mobile applications. Versions of wire-ios prior to 4.16.0 have a numerical error vulnerability, which stems from a lack of length checking. This vulnerability may lead to crashes when receiving specially crafted malicious Proteus...
Crow 安全漏洞
Crow is a C++ microframework developed by Crow OpenSource, used for running web services. Versions of Crow 1.3.1 and earlier contain security vulnerabilities; these vulnerabilities stem from unvalidated response header values, which may lead to response header injection attacks...
react-router 安全漏洞
react-router is a declarative routing library for React, open-sourced by Remix. Versions 7.7.0 to 7.13.1 of react-router contain security vulnerabilities. These vulnerabilities stem from improper redirection handling when using the unstable RSC API, which may lead to cross-site scripting attacks ...
AuthKit React Router Library 跨站脚本漏洞
AuthKit React Router Library is an open-source project developed by WorkOS, used within React Router 7 for authentication and session management. Versions 7.7.0 to 7.13.1 of the AuthKit React Router Library contain a cross-site scripting vulnerability. This vulnerability arises from improper...
goclaw 访问控制错误漏洞
Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain a security vulnerability related to access control. This vulnerability stems from a lack of authentication in the resolveAuth function within the Webhook...
WordPress plugin Content Visibility for Divi Builder 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Graph Explorer 安全漏洞
Graph Explorer is an interactive web application for visual exploration of graph databases, open-sourced by Amazon Web Services. Previous versions of Graph Explorer, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from the proxy server falling back to HTTP when th...
Dräger CC-Vision Basic和Dräger CC-Vision E-Cal 缓冲区错误漏洞
Dräger CC-Vision Basic and Dräger CC-Vision E-Cal are products of the German company Dräger. Dräger CC-Vision Basic is a portable gas detector with configuration and maintenance software. Dräger CC-Vision E-Cal is a gas detection device with electronic calibration and configuration management...
DesDev DedeCMS SQL注入漏洞
DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection...
Dräger Perseus A500 安全漏洞
The Dräger Perseus A500 is a high-end anesthesia workstation developed by the German company Dräger. There are security vulnerabilities in the Dräger Perseus A500 between versions 2.00 and 2.02. These vulnerabilities stem from improper input processing, which could allow external attackers to sen...
OpenClaude 安全漏洞
OpenClaude is an open-source coding assistant CLI developed by Gitlawb, which supports multiple backends. Prior to version 0.5.1, OpenClaude had a security vulnerability. This vulnerability stemmed from the dangerouslyDisableSandbox parameter being exposed in the BashTool input mode, and the...
OpenClaude 安全漏洞
OpenClaude is an open-source coding assistant CLI developed by Gitlawb. Versions of OpenClaude prior to 0.5.1 contained security vulnerabilities. These vulnerabilities were due to logical flaws in the conditional order logic within the MCP authentication process, allowing attackers to completely...
NamelessMC 安全漏洞
NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s designed for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC contains a security vulnerability. This vulnerability arises from the fact that the...
NamelessMC 安全漏洞
NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that arises from not verifying the authorization of viewers before...
react-router 跨站脚本漏洞
react-router is a declarative routing library for React, open-sourced by Remix. Versions of react-router from 7.5.1 to 7.13.1 have a cross-site scripting vulnerability. This vulnerability stems from improper handling of the HTTP Location header value in framework mode with pre-rendering enabled,...
NamelessMC 安全漏洞
NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Version 2.2.4 of NamelessMC has a security vulnerability that stems from the lack of re-enforcing topic-level viewotherstopi...
goclaw 安全漏洞
Goclaw is an open-source multi-tenant AI smart agent platform developed by Next Level Builder. Versions of GoClaw 3.11.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a flaw in the Team Task Completion Handler component, where the TeamTasksTool.executeComplete...
DesDev DedeCMS 安全漏洞
DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a security vulnerability. Th...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could allow attackers to exhaust the memory of the Mint client on an HTTP/...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2026.1.19 contained security vulnerabilities, which stemmed from improper access...
Appsmith 安全漏洞
Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Appsmith has a security vulnerability, which stems from the autocompletion feature of the SQL query editor failing to clean up database object names. This...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the Java TLS ioctl probe usi...
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a custom...
OpenTelemetry eBPF Instrumentation 安全漏洞
OpenTelemetry eBPF Instrumentation is an open-source, eBPF-based lightweight telemetry data collection tool developed by OpenTelemetry. Versions of OpenTelemetry eBPF Instrumentation prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the export of raw Redis erro...
NiceGUI 安全漏洞
NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.12.0 contained a security vulnerability. This vulnerability stemmed from two FastAPI routes that allowed subpath parameters to be resolved into directories, potentially...
Klaw 访问控制错误漏洞
Klaw is an open-source operating system tool developed by Aiven Open. Versions of Klaw prior to 2.10.4 contained a vulnerability related to access control, which could lead to password hash leaks due to improper access control practices...
WordPress plugin Wallet System for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Genetec Security Center 安全漏洞
Genetec Security Center is a unified security platform provided by Genetec Corporation. It connects your security systems, sensors, and data into one interface, simplifying your operations. There is a security vulnerability present in Genetec Security Center, which stems from a specific...
NamelessMC 安全漏洞
NamelessMC is a free, easy-to-use, and powerful website software developed by the NamelessMC team. It’s suitable for your Minecraft server and comes with numerous features. Versions of NamelessMC 2.2.4 and earlier have security vulnerabilities. These vulnerabilities stem from unvalidated state...
Vivotek VIVOTEK FD8136-VVTK 安全漏洞
Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the motionprivacy.cgi binary file. When t...