195539 matches found
BankPro E-Service Service Center 安全漏洞
The BankPro E-Service Service Center is a digital banking service management platform provided by BankPro E-Service in Taiwan, China. There is a security vulnerability in the BankPro E-Service Service Center. This vulnerability stems from insecure direct object references, which may allow...
ASUS System Control Interface 安全漏洞
ASUS System Control Interface is a computer system control interface developed by ASUS, a Chinese company. There is a security vulnerability in the ASUS System Control Interface, which stems from improper allocation of permissions for critical resources. This vulnerability could allow local users...
Waterfall WF-500 安全漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. A security vulnerability exists in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; this vulnerability stems from...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...
Waterfall WF-500 安全漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. There are security vulnerabilities in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040; these vulnerabilities stem fr...
Pencak Silat Digital Scoring SQL注入漏洞
Pencak Silat Digital Scoring is a digital scoring system for martial arts competitions developed by Yudha Yogasara. Version 18.10 of Pencak Silat Digital Scoring contains an SQL injection vulnerability. This vulnerability arises from injecting malicious code through the idpartai parameter, which...
JetBrains IntelliJ IDEA 操作系统命令注入漏洞
JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 had a vulnerability related to operating system command injection, which stemmed from filename completion...
Waterfall WF-500 安全漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. A security vulnerability exists in the Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040. This vulnerability stems from an...
WordPress plugin Link Whisper Free 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
JetBrains IntelliJ IDEA 安全漏洞
JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1 contained security vulnerabilities, which were caused by template injection in the Copyright plugin,...
JetBrains IntelliJ IDEA 代码问题漏洞
JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...
Klever Blockchain 安全漏洞
Klever Blockchain is a high-performance blockchain network implemented by Klever in open source. Versions of Klever Blockchain prior to 1.7.17 contained security vulnerabilities. These vulnerabilities stemmed from a remote unauthenticated denial-of-service issue in the Batch.Decompress function...
Bolt CMS 安全漏洞
Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.0 and earlier contain security vulnerabilities, which stem from SQL injection vulnerabilities in the order parameter of the content list page. Attackers with low privileges and...
liboqs 缓冲区错误漏洞
Liboqs is an open-source project under Open Quantum Safe, which is an open-source C library for quantum secure encryption algorithms. Versions of Liboqs prior to 0.16.0 contained a buffer error vulnerability. This vulnerability stems from out-of-bounds reads in the XMSS and XMSS^MT state signatur...
arcane 操作系统命令注入漏洞
Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane 1.18.1 and earlier contain a vulnerability related to operating system command injection. This vulnerability stems from the path cleaner in the GET /environments/id/volumes/volumeName/browse endpoint not...
Manga/Image Translator 安全漏洞
Manga/Image Translator is a text-to-image translation tool developed by zyddnys’ individual developers. Manga/Image Translator has a security vulnerability, which stems from insecure deserialization during the shared API server mode. This vulnerability could allow remote attackers to execute...
rustfs 访问控制错误漏洞
RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS 1.0.0-beta.2 contained an access control vulnerability. This vulnerability stemmed from improper validation of the PUT /rustfs/admin/v3/import-iam endpoint, allowing users with the ImportIAMAction...
arcane 路径遍历漏洞
Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.19.4 contained a path traversal vulnerability. This vulnerability stemmed from ProjectService.GetProjectFileContent returning Docker Compose containing instructions before performing path...
Trilium Notes 安全漏洞
Trilium Notes is a hierarchical note application developed by Zadam, a personal developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.2 contained a security vulnerability. This vulnerability stemmed from the import of malicious ZIP archives whe...
arcane 安全漏洞
Arcan is an open-source Docker management software developed by Arcane. Versions of Arcan prior to 1.19.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of an administrator authorization check for the PUT /api/environments/id/templates/variables endpoint. This...
Home Assistant 安全漏洞
Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. Versions of Home Assistant prior to 2026.4.1 for iOS and 2026.4.4 for Android have security vulnerabilities. These vulnerabiliti...
libsoup 安全漏洞
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from an error in the unsigned-to-signed conversion in the soupbodyinputstreamreadchunked function. This vulnerability could allow remote attackers to bypass security controls by sending...
Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞
The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability present in the Danelec Marine Danelec MacGregor Voyage Data Recorder, which stems from the use of a hash method for storin...
WordPress plugin Plus Addons for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...
Red Hat Quay 安全漏洞
Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a security vulnerability; this vulnerability stems from the fact that GitLab’s OAuth verifier transmits sensitive credentials as plain-text parameters in URL queries, which may lead to...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2025.11.2...
WordPress plugin StatCounter 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
TRENDnet TEW-432BRP 安全漏洞
TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the parameter peerPin within the goform/formWPS file, which could allow remote...
Indian Motorcycle Scout Bobber + Tech 安全漏洞
The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication in the Wireless Control Module. This vulnerability could allow neighboring networ...
JetBrains TeamCity 输入验证错误漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Prior to JetBrains TeamCity 2026.1, there was a...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1.1...
Red Hat assisted-service 安全漏洞
Red Hat Assisted-Service is a backend service component provided by Red Hat Inc. in the United States, which offers REST APIs. It primarily serves the OpenShift ecosystem. There is a security vulnerability in Red Hat Assisted-Service. This vulnerability arises from writing the original key conten...
FreeScout 授权问题漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...
FastGPT 代码问题漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained code vulnerabilities. These vulnerabilities were caused by server-side request forgery, allowing authenticated attackers to...
Emlog Pro 安全漏洞
Emlog Pro is an open-source blog system developed by Emlog. Version 2.6.9 of Emlog Pro contains a security vulnerability, which stems from a path traversal vulnerability in the template upload function. This vulnerability allows authenticated administrators to execute arbitrary PHP code. By...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...
FreeRDP 安全漏洞
FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.26.0 contained security vulnerabilities. These vulnerabilities stemmed from malicious RDP servers that could trigger a client heap buffer overflow by sending specially...
Shibby Tomato 安全漏洞
Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Versions of Shibby Tomato prior to 1.28 contained security vulnerabilities. These vulnerabilities were caused by a stack buffer overflow in the tomatoups.cgi file within the UPS service component, which...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This...
SillyTavern 安全漏洞
SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from automatic login using the Remote-User and X-Authentik-Username HTTP headers, without verifying whether...
Dokploy 安全漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...
Naviwebs Navigate CMS 路径遍历漏洞
Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...
Red Hat Quay 代码问题漏洞
Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has code-related vulnerabilities; these vulnerabilities stem from the LDAP and SMTP authentication functions of the config-tool, which do not filter IP or host addresses. This may allow...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...
TP-Link TL-SG108PE 安全漏洞
The TP-Link TL-SG108PE is an 8-port Gigabit Ethernet intelligent managed PoE switch from TP-Link Corporation. The TP-Link TL-SG108PE v5 has a security vulnerability, which stems from improper cleaning of SYSNAM configuration parameters during the file configuration import process in the web...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, workflow creation, and project progress monitoring. Versions of JetBrains YouTrack prior to 2026.1.13162 contained security...
JetBrains YouTrack 跨站脚本漏洞
JetBrains YouTrack is a browser-based error tracking and project management software developed by Czech company JetBrains. This software features error tracking, the ability to create workflows, and monitoring of project progress. Versions of JetBrains YouTrack prior to 2026.1.13162 contained a...