195539 matches found
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the automated...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the failure to...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the V1 vi...
dalfox 安全漏洞
Dalfox is an automated cross-site script scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from two stages in ParameterAnalysis where the same closed results channel was written to, potentially causing a panic...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the data...
BentoML 代码注入漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.39, there was a code injection vulnerability. This vulnerability stemmed from the envs.name value...
WeGIA 输入验证错误漏洞
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.7.3 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter...
WeGIA 安全漏洞
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of a salted SHA-256 hash algorithm in login and password change processes, which could lead to rainbow...
RVF 安全漏洞
RVF is a React form validation and state management tool developed by Aaron Pettengill. Versions of RVF prior to 6.0.0, 6.0.4, and 7.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the setPath function in @rvf/set-get, which did not prevent the proto, constructor, or...
Ella Core 安全特征问题漏洞
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security feature vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of the security program concurren...
Ella Core 安全特征问题漏洞
Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security feature vulnerabilities. These vulnerabilities stemmed from an unvalidated check to ensure that the UE security...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of an OAuth2/bearer-token authorization middleware when SMF mounted UPI management routing groups,...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from SMF failing to include the necessary inbound OAuth2 middleware when mounting UPI management routing groups. Th...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF route group nnef-callback was mounted, whic...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from NEF terminating the entire process when PFD subscription notifications could not be delivered, potentially...
free5GC 安全特征问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security feature vulnerabilities. These vulnerabilities stemmed from AMF not implementing the concurrent security procedures defined in 3GPP TS 33.501, which could lead to...
Mattermost Plugins 安全漏洞
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 1.1.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed...
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...
Webmin 跨站脚本漏洞
Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a cross-site scripting vulnerability. This vulnerability occurred when viewing SVG document attachments in the mailboxes component,...
Taipy 路径遍历漏洞
Taipy is an open-source application developed by Avaiga. It was designed specifically for data scientists and machine learning engineers to build data and artificial intelligence network applications. Version 4.1.1 of Taipy contains a path traversal vulnerability. This vulnerability stems from th...
Agent Zero 路径遍历漏洞
Agent Zero is an artificial intelligence framework developed by Jan Tomášek as a personal project. Versions of Agent Zero prior to 1.15 contained a path traversal vulnerability. This vulnerability allows unauthorized attackers to access arbitrary files through path traversal...
GuardDog 安全漏洞
GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...
opentelemetry-js 安全漏洞
opentelemetry-js is an open-source framework from OpenTelemetry - CNCF, designed for collecting traces, metrics, and logs from applications. Versions of opentelemetry-js prior to 0.217.0 contained a security vulnerability. This vulnerability stemmed from improper error handling in the URL parsing...
go-git 数据伪造问题漏洞
go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.0 and 6.0.0-alpha.3 contained a data manipulation vulnerability. This vulnerability stems from the way Git objects are parsed differently compared to upstream Git. Additionally, t...
LibVNCServer 缓冲区错误漏洞
LibVNCServer is a cross-platform C language library developed by LibVNC, which supports implementing VNC Virtual Network Computing server or client functions within programs. Versions of LibVNCServer prior to 0.9.15 contained a buffer error vulnerability. This vulnerability stemmed from the Tight...
auth0.js 安全漏洞
auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...
Dolibarr ERP/CRM 安全漏洞
Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...
Dolibarr ERP/CRM 安全漏洞
Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...
libusb 缓冲区错误漏洞
libusb is an open-source, cross-platform USB device access library. Versions of libusb prior to 1.0.30 contained a buffer error vulnerability. This vulnerability stems from the use of the original buffer size rather than the remaining size during boundary checks in the parseiadarray function, whi...
uniget 操作系统命令注入漏洞
Uniget is a general-purpose tool for installing and updating software, developed by Uniget itself. Versions of Uniget prior to 0.27.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the direct execution of commands using the Bash shell scri...
Volcano 安全漏洞
Volcano is a batch processing system built using Kubernetes, developed by Volcano OpenSource. Vulnerabilities exist in versions of Volcano before v1.14.2, v1.13.3, and v1.12.4. These vulnerabilities stem from the Webhook server’s lack of a limit on the size of the HTTP request bodies. Pods that...
pam_usb 访问控制错误漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contained an access control vulnerability; this vulnerability stemmed from the denyremote function, which only checks the first 32-bit word of utaddrv...
pam_usb 安全漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contain security vulnerabilities. These vulnerabilities stem from the code in src/tmux.c, which reads the user’s $TMUX environment variable and insert...
pam_usb 授权问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 have a vulnerability related to authorization issues. This vulnerability stems from symbolic link attacks involving the pad directory and pad files,...
pam_usb 操作系统命令注入漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contained an operating system command injection vulnerability. This vulnerability stemmed from pamusb-pinentry reading the PINENTRYFALLBACKAPP...
Wireshark 代码问题漏洞
Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.5, as well as 4.4.0 to 4.4.15, have code vulnerabilities that can lead to a...
pam_usb 代码问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained code vulnerabilities. This vulnerability stemmed from the fact that the src/log.c file contained a process-level static pointer; each PAM ca...
LangSmith Client SDKs 代码问题漏洞
LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.8.0 and JS/TS versions prior to 0.6.0 have code vulnerabilities. This vulnerability stems from the lack of differentiation between public prompts and internal organization-specifi...
pam_usb 代码问题漏洞
pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 have code vulnerabilities. These vulnerabilities arise from assertions being compiled and removed during memory allocation failures, leading to null...
Mapserver 代码问题漏洞
Mapserver is a set of open-source platforms developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the Web. Versions of MapServer from 6.4.0 to 8.6.3 had code vulnerabilities. These vulnerabilities stemmed from improper handling of...
Pi.Alert 代码注入漏洞
Pi.Alert is a WIFI/LAN intrusion detector developed by Jokob-sk. Versions of Pi.Alert prior to 2026-05-07 had a code injection vulnerability. This vulnerability stemmed from the Web configuration editor, which allowed arbitrary Python code to be injected into the pialert.conf file. Additionally,...
Authlib 安全漏洞
Authlib is an open-source library developed by Authlib, designed to build servers for OAuth and OpenID Connect. Versions of Authlib prior to 1.6.12 and 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from unauthenticated redirection in the OpenIDImplicitGrant and...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.4 contained security vulnerabilities. These vulnerabilities stemmed from the fact...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.35.3 contained security vulnerabilities. These vulnerabilities stemmed from VectorDB’s...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack ...
Budibase 信息泄露漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.3 contained a vulnerability related to information leakage. This vulnerability...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from action triggers th...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the POST...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.34.8 contained security vulnerabilities. These vulnerabilities stemmed from the processUrlFile...