195539 matches found
Canon CUPS Printer Driver 安全漏洞
The Canon CUPS Printer Driver is a printer driver suite developed by the Japanese company Canon. Versions of the Canon CUPS Printer Driver 16.91.0.0 and earlier contained security vulnerabilities. These vulnerabilities were due to improper handling of symbolic links in the installation process,...
Dokploy 安全漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.7 contain security vulnerabilities. These vulnerabilities stem from the fact that the scheduling router does not enforce organization/role checks, allowing any authenticated user to create, update,...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of restrictions on the size of PackBits compressed data. This vulnerability...
Kados R10 GreenBee SQL注入漏洞
Kados R10 GreenBee is a web-based project management and collaboration tool developed by Kados OpenSource. Kados R10 GreenBee has a SQL injection vulnerability. This vulnerability arises from the fact that the featureid parameter in boardsbuttons/updatefeature.php is not cleaned properly, resulti...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX and RX Hosts contains an operating system command injection vulnerability. Thi...
RAGFlow 安全漏洞
RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.24.0 contain security vulnerabilities. These vulnerabilities stem from Jinja2 template injection in the prompt generator, which could allow any authenticated user to...
n8n-MCP 安全漏洞
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the workflow telemetry cleaner might retain fragments of URL shape node...
JetBrains PyCharm 跨站脚本漏洞
JetBrains PyCharm is an integrated development environment IDE for Python language developed by the Czech company JetBrains. Versions of JetBrains PyCharm prior to 2025.3.4 contained a cross-site scripting vulnerability, which originated from Markdown cells in Jupyter notebooks, where a...
Waterfall WF-500 操作系统命令注入漏洞
The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The version 7.9.1.0 R2502171040 of the Waterfall WF-500 TX Host contains an operating system command injection vulnerability. This...
Shibby Tomato 安全漏洞
Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the sub90F0 function of the multimon.cgi file, which could lead to remote attacks...
shopper 安全漏洞
Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...
WordPress plugin Advanced Custom Fields: Extended 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
vLLM 安全漏洞
vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Version vLLM 0.14.1 contains a security vulnerability caused by the hardcoding of the trustremotecode=True parameter, which may lead to remote code execution...
WordPress plugin HT Contact Form 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Oracle Universal Work Queue 安全漏洞
Oracle Universal Work Queue is a flexible work presentation and access tool developed by Oracle, a company in the United States. This software provides centralized viewing of work, access requests, and organization of work, thereby improving efficiency and productivity. Versions 12.2.3 to 12.2.15...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from unverified email binding issues, which could lead to account...
Oracle Flow Manufacturing 安全漏洞
Oracle Flow Manufacturing is a production and manufacturing process management system developed by Oracle, a company in the United States. Versions 12.2.9 to 12.2.15 of Oracle Flow Manufacturing contain security vulnerabilities. These vulnerabilities stem from issues with the Security component,...
Veeam Backup And Replication 安全漏洞
Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. There is a security vulnerability in Veeam Backup and Replication, which may allow authenticated users with the role of backup administrators to write arbitrary files on Linux-based servers...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability allows authenticated users with existing organizational membership to exploit it by accessing user-facing APIs or requesting OpenID Connect...
WordPress plugin Frontend Admin by DynamiApps 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
SMSGate 安全漏洞
SMSGate is a SMS gateway integration tool developed by Lihuanghe’s individual developers. Versions of SMSGate 2.1.13.6 and earlier contained security vulnerabilities. These vulnerabilities were caused by a problem with the Cmpp7FDeliverRequestMessageCodec.java component, which could allow a remot...
CloudNativePG 代码问题漏洞
CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability. This vulnerability allows remote attackers with high privileges—such as domain administrators who configure malicious LDAP servers or attackers who disrupt...
Elastic Kibana 安全漏洞
Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability may allow authenticated users to cause excessive memory and CPU resource consumpti...
Follet School Solutions Destiny 安全漏洞
Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the site parameter of...
SourceBans Material Admin 安全漏洞
SourceBans Material Admin is a game server management panel tool developed by SourceBans Material Admin developers. Version 1.1.6 of SourceBans Material Admin contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability present in the...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of the MUSTCONNECT flag in the Rockchip RKCIF driver. This vulnerability may...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the uninitialized zeroed security descriptor buffer in the smb client. This vulnerability may allow...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper error handling in the drm/msm/gem module. This vulnerability may lead to null pointer...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the management API’s user password endpoint. As a result,...
glib 安全漏洞
Glib is a generic, portable utility library for the GNOME project. It provides many useful data types, macros, type conversions, string utilities, file utilities, and main loop abstractions. Glib has a security vulnerability that stems from an infinite loop during the certificate verification...
go-billy 路径遍历漏洞
Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues in multiple components. Insufficient path cleaning and boundary enforcement may lead ...
Local Deep Research 代码问题漏洞
Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...
Local Deep Research 安全漏洞
Local Deep Research is an AI search assistant developed by LearningCircuit. Versions prior to 1.6.0 of Local Deep Research contained a security vulnerability. This vulnerability stemmed from PDFService.markdowntohtml not properly escaping user-controlled values, allowing authentication attackers ...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the packages.js template, which interpolated the stored link URLs into the template literals within HTML tags with single...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the lack of protection for the Flask session directory during the patching of CVE-2026-33509. Authorized attackers could s...
Nautobot 代码问题漏洞
Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained code vulnerabilities. These vulnerabilities stemmed from the Webhook data model and related features being configurable by users with sufficient permissions to send requests...
Nautobot 安全漏洞
Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the REST API, which failed to enforce user viewing permissions when creating or updating objects using...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from a cross-organizational token exchange issue. The...
pyjwt 安全漏洞
PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. There were security vulnerabilities in PyJWT versions 2.8.0 to 2.12.1. These vulnerabilities stemmed from the fact that when verifying separate JWS tokens tha...
pyjwt 安全漏洞
pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Security vulnerabilities exist in versions 2.9.0 to 2.12.1 of pyjwt. These vulnerabilities arise when the jwt.decode or jwt.decodecomplete function is called...
pyjwt 安全漏洞
pyjwt is a Python library developed by José Padilla from the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, pyjwt had a security vulnerability. This vulnerability stemmed from the function PyJWKClient.getsigningkey, which forced each JWT...
pyjwt 代码问题漏洞
PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, there were code vulnerabilities in PyJWT. These vulnerabilities stemmed from PyJWKClient directly passing the uri parameter to...
pypdf 资源管理错误漏洞
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.12.0, pypdf had a resource management vulnerability caused by the use of large character offsets when extracting text in layout...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of setting the AMDGPUGEMCREATEVRAMCLEARED flag during VRAM allocation. As a result, newly...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a leak in the queue count when transferring data during operations involving the vsock/virtio...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation of the dacloffset value in the smb client. Malicious servers can return a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a double release of memory during the error path in the RDMA vmwpvrdma driver’s pvrdmaallocuconte...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read in the symlinkdata function within smb/client. This vulnerability arises because...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a path traversal in the mlx5ibdevressrqinit function within RDMA mlx5. This vulnerability may lea...