195539 matches found
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from action triggers th...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the POST...
Budibase 安全漏洞
Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.34.8 contained security vulnerabilities. These vulnerabilities stemmed from the processUrlFile...
FileRise 访问控制错误漏洞
FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.12.0 contained an access control vulnerability. This vulnerability stemmed from the /api/totpsetup.php endpoint, which could be accessed via a session that only requires password...
Botan 安全漏洞
Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.12.0 contained security vulnerabilities. These vulnerabilities were caused byBER data, which led to reassembly behavior by the parser, potentially resulting in denial-of-service attack...
Cinny 输入验证错误漏洞
Cinny is a simple and secure instant messaging client developed by Cinny OpenSource. Versions of Cinny prior to 4.10.3 contained a vulnerability related to input validation errors. This vulnerability arose due to EmojiBoard using an untrusted pack.meta.avatar as a URL without validation, and...
go-ipld-prime 安全漏洞
go-ipld-prime is an implementation of the IPLD open-source specification interface. Versions of go-ipld-prime prior to 0.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the DAG-CBOR and DAG-JSON decoders having no depth limit when decoding nested mappings or lists, whi...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF route group nnef-pfdmanagement was mounted...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF module mounted the nnef-oam routing group...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the DELETE handler in UDR containing null pointer dereferencing, which could potentially cause a repeated panic to...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the NEF patch handler’s inability to handle UDR calls properly, leading to null pointer dereferencing and...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the DELETE handler in SMF unconditionally canceling the reference to UPF objects, which could lead to a null...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PUT processor in the BSF module, which allowed unsynchronized writes to the global Subscriptions mapping,...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF module mounted the 3gpp-pfd-management API...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by node.js’s built-in APIs. There is a security vulnerability in Erlang/OTP, which stems from improper certificate verification in the publickey module. This vulnerability allows...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the absence of authentication middleware in the PCF NpcfSMPolicyControl component, which could allow...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the PCF’s HandleCreateSmPolicyRequest handler, which encountered a null pointer dereferencing when UDR returne...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from AMF’s failure to verify the UE security capabilities in NGAP PathSwitchRequest messages. This could allow...
Webmin 安全漏洞
Webmin is a set of web-based system management tools for Unix-like operating systems, developed by the Webmin community. Versions of Webmin prior to 2.640 contained a security vulnerability, which stemmed from the insecure construction of the attachment save file name in the mailboxes/detachall.c...
Agent Zero 跨站脚本漏洞
Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Versions of Agent Zero prior to 1.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of security headers when SVG files were provided through the imageget endpoint, which could le...
Dolibarr ERP/CRM 安全漏洞
Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Versions of Dolibarr ERP/CRM from 22.0.0 to 22.0.4, as wel...
PostgreSQL Anonymizer 安全漏洞
PostgreSQL Anonymizer is an open-source extension developed by DALIBO in France, designed to mask or replace personally identifiable information PII or commercially sensitive data in PostgreSQL databases. PostgreSQL Anonymizer has a security vulnerability that stems from allowing users to obtain...
IBM多款产品 安全漏洞
IBM WebSphere Application Server WAS, among others, are products of the American multinational company IBM. IBM WebSphere Application Server is an application server product. IBM WebSphere Application Server Liberty is a Java application server built upon the Open Liberty project. IBM webMethods...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the WebAppInstalls component reusing resources after release, potentially allowing remote attackers to exploit...
IBM Netezza Performance Server Replication Services 安全漏洞
IBM Netezza Performance Server Replication Services is a data warehouse replication and synchronization service provided by IBM. There are security vulnerabilities in versions 3.0.2.0 to 3.0.5.0 of IBM Netezza Performance Server Replication Services. These vulnerabilities allow low-privilege...
IBM i 安全漏洞
IBM i is an operating system developed by the American International Business Machines IBM company, which runs on IBM Power Systems and IBM PureSystems. Versions 7.6, 7.5, 7.4, and 7.3 of IBM i have security vulnerabilities. These vulnerabilities stem from uncontrolled recursion in the Integrated...
Jenkins Multijob Plugin 安全漏洞
Jenkins Multijob Plugin is an open-source plugin for Jenkins that manages multi-task builds. The Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier versions have security vulnerabilities. These vulnerabilities stem from cross-site request forgery attacks, which may allow attackers to restore...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which stemmed from type confusion in the V8 engine. This vulnerability could allow attackers to execute arbitrary code within a sandbox by convincing users...
sherlock 操作系统命令注入漏洞
Sherlock is an open-source username search tool developed by Sherlock. Versions of Sherlock prior to 0.16.1 contained a vulnerability related to operating system command injection. This vulnerability originated from the pullrequesttarget trigger in the GitHub Actions workflow...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2-11575 and...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Skia component’s tendency to reuse resources after release, which could allow remote attackers with access t...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bounds read issue in the WebGL component, which could allow remote attackers to exploit the vulnerability...
Google Chrome on Android 输入验证错误漏洞
Google Chrome on Android is a web browser in the Android operating system developed by Google Inc. Versions prior to 148.0.7778.216 of Google Chrome on Android had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in Skia, whi...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2-11575 and...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a security vulnerability. This vulnerability stemmed from improper implementation in iOS, which could allow remote attackers to leak cross-source data through specially...
Northern.tech Mender Client 安全漏洞
The Northern.tech Mender Client is a device remote update and management client provided by the Northern.tech company in the United States. Versions of the Northern.tech Mender Client prior to version 5.0.4 contained security vulnerabilities, which were caused by bypassing encryption signature...
Jenkins buildgraph-view Plugin 安全漏洞
The Jenkins buildgraph-view Plugin is an open-source plugin for visualizing Jenkins build processes. The Jenkins buildgraph-view Plugin versions 1.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of escaping of build URLs, which may lead to storage-side...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome on Windows before 148.0.7778.216 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds read operations in Dawn, which could allow remote attackers to exploit the vulnerability by...
WordPress plugin MetaMagic SEO Plugin 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Enable jQuery Migrate Helper 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. Versions of Hitachi Vantara Pentaho Data Integration and Analytics prior to 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, contained security...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs during USB communication, which could allow remote attackers...
Gladinet Triofox 安全漏洞
Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from path traversal when processing URL paths starting with /woshome...
Synology Surveillance Station 安全漏洞
Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.216 for Android, there was a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs by the WebAppInstalls component, which could allow local...
IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 代码问题漏洞
IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...