131102 matches found
Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability
Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...
Jenkins Pipeline SCM API for Blue Ocean Plugin Unauthorized Access Vulnerability
Blue Ocean plugin is an aggregation tool designed for Jenkins Pipeline and of course compatible with free style projects. It graphically visualizes the pipeline process and makes the pipeline more intuitive. Unauthorized access vulnerability in Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25....
Cross-site scripting vulnerability in Import Files function of multiple Siemens products
Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...
Strapi SQL Injection Vulnerability
Strapi is an open source content management system CMS. versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2022-79412)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07320)
Adobe Illustrator is a software released by Adobe Systems, Inc. for graphics production. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
SAP Business Objects Data Forgery Issue Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-56704)
Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend, which can be exploited by an authenticated attacker to create a link to a discovery page with reflected Javascript code and send it to other...
Multiple Dahua Products Denial of Service Vulnerabilities
Dahua IPC-HFW2XXX is a series of IP cameras, Dahua IPC-HDBW2XXX is a series of cameras, Dahua ASI7XXXX is a series of face recognition access controllers, and Dahua IPC-HFW2XXX is a series of IP cameras. A denial of service vulnerability exists in several Dahua products, which could be exploited ...
ImpressCMS path traversal vulnerability
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...
Braintree sanitize-url cross-site scripting vulnerability
Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of user-supplied data and output data validation filtering in the sanitizeUrl function. An attacker coul...
IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability (CNVD-2022-84077)
IBM Spectrum Copy Data Management is an implementation of International Business Machines Corporation IBM to modernize, simplify, and automate data center copy management processes.A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...
Moodle SQL Injection Vulnerability (CNVD-2022-09258)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle 3.11 through 3.11.4 suffers from a SQL injection vulnerability that stems from insufficient cleaning of user-supplied data in th...
Apache Kylin OS Command Injection Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark. Apache kylin is vulnerable to operating system command injection, which stems from the fact tha...
ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02473)
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable...
DBeaver XML External Entity Injection Vulnerability
DBeaver is a free multi-platform database tool for developers, Sql programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...
Gerapy Authentication Remote Command Execution Vulnerability
Gerapy is a crawler framework based on the Scrapy Scrapyd Scrapyd Client Scrapyd API Django. Gerapy authenticates remote command execution vulnerabilities, which can be exploited by attackers to gain control of the server...
Linux kernel denial-of-service vulnerability (CNVD-2021-93367)
Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. Linux kernel 5.15.2 and earlier versions contain a security vulnerability that can be exploited by attackers to cause a denial of service...
Google TensorFlow has an unspecified vulnerability (CNVD-2021-92550)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A security vulnerability exists in versions prior to Google TensorFlow 2.7.0, which stems from an overflow problem in TensorFlow when calculating the output size in the tf.range kernel. No detail...
Google TensorFlow buffer overflow vulnerability (CNVD-2021-64539)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type tf.rawops.MatrixSetDiagV to cause undefined...
File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)
NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...
Arbitrary File Read Vulnerability in C-Lodop Print Services System
C-Lodop Print Service System is a cloud printing software. An arbitrary file read vulnerability exists in C-Lodop Print Service System, which can be exploited by attackers to obtain sensitive information...
Minecraft remote code execution vulnerability
Minecraft My World is a sandbox game by Mojang of Sweden. a security vulnerability existed before Minecraft 1.16.1.7, which stems from the BDew BdLib library allowing remote code execution to deserialize untrusted data in ObjectInputStream. No detailed vulnerability details are currently availabl...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...
nginx denial of service vulnerability (CNVD-2018-22805)
nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A security vulnerability exists in the HTTP/2 implementation of nginx versions prior to 1.15.6 and 1.14.1. An attacker can exploit the vulnerability to consume a large amount of memory space...
Python package pysaml2 information disclosure vulnerability
The Python package pysaml2 is a Python based implementation of the SAML protocol for exchanging authentication and authorization data between security domains. An information disclosure vulnerability exists in Python package pysaml2 4.4.0 and earlier. An attacker can exploit this vulnerability to...
Microsoft Internet Explorer and Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-12102)
Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10...
Memory Corruption Vulnerability in Apple Logic Pro X and GarageBand
Apple Logic Pro x is an official music production and editing software from Apple; GarageBand is a music performance, synthesis, and recording tool for Apple machines. A memory corruption vulnerability exists in Apple Logic Pro X and GarageBand. An attacker could exploit the vulnerabilities to...
Python Cryptography Security Bypass Vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security bypass vulnerability in Python Cryptography versions prior to 1.5.3 allows attackers to bypass...
Ruby on Rails Action View Cross-Site Scripting Vulnerability
Ruby on Rails Rails is a set of open source web application frameworks based on the Ruby language developed and maintained by the Rails core team, which was spun off from Basecamp, a project management tool from 37signals in the U.S.A. David Heinamer Hansen's Action View is one of the code...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-17912)
Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a suite of operating systems developed for mobile devices.Apple iPadOS is a suite of operating systems for the iPad tablet computer. A security vulnerability exists in...
CampCodes Online Shopping Portal /my-account.php File SQL Injection Vulnerability
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...
Kingdee CloudStar ERP suffers from deserialization vulnerability
Kingdee Cloudstar is a cloud-based enterprise resource management ERP software that provides integrated solutions for financial management, supply chain management, and business process management. A deserialization vulnerability exists in Kingdee CloudStar ERP, which can be exploited by attacker...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-9821890)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An out-of-bounds read vulnerability exists in Adobe Dimension 3.4.10 and earlier versions, which can be exploited by an attacker to cause a sensitive memory leak...
Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)
Apache Tomcat is the United States Apache Apache Foundation, a lightweight Web application server. Apache Tomcat suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service...
Google Android Kernel elevation of privilege vulnerability (CNVD-2023-12019)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in veritytarget in dm-verity-target.c of the Google Android Kernel, which stems from the program not properly checking for privileges. An attacker could exploit the vulnerabili...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-18289)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office Visio. An attacker could exploit this vulnerability to execute code on the target host...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04324)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Buildah has unspecified vulnerabilities
Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...
Silverstripe framework cross-site scripting vulnerability
Silverstripe framework is an application from Silverstripe New Zealand. Empowering powerful digital teams by creating a platform for digital change. silverstripe framework 4.10.0 and previous versions contain a cross-site scripting vulnerability that stems from the use of jQuery 1.7.2, which is...
Apache SOAP authentication error vulnerability
Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...
Google Chrome V8 Code Execution Vulnerability (CNVD-2022-85092)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to execute arbitrary code or cause a denial of service on a system...
Nasm buffer overflow vulnerability (CNVD-2022-69151)
Nasm is an open source programming tool software. A buffer overflow vulnerability exists in Nasm v2.16, which stems from the inclusion of a stack overflow in the Ndisasm component. No detailed vulnerability details are provided at this time...
ASUS RT-AX56U Buffer Overflow Vulnerability
ASUS RT-AX56U is a wireless router from ASUS, China.ASUS RT-AX56U Router firmware version 3.0.0.4.386.44266 has a buffer overflow vulnerability, which stems from the strcat function's lack of length checks for user input data, which can be exploited by attackers to remotely execute commands...
Apache Pulsar Trust Management Issues Vulnerability
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...
Samsung App lock authentication error vulnerability
Samsung App lock is an application for Samsung Samsung mobile devices that protects your privacy with password lock, graphical lock, and fingerprint lock.Samsung App lock suffers from an authentication error vulnerability that stems from the lack of proper authentication logic in AppLock, which c...
Google Android Information Disclosure Vulnerability (CNVD-2022-61753)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information leakage vulnerability that could be exploited by attackers to obtain sensitive information...
Google Android has an unspecified vulnerability (CNVD-2022-53377)
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a placeCall in TelecomManager.java, where the application can keep itself running through foreground service importance due to a privilege bypass. The...
Wolters Kluwer TeamMate Audit SQL Injection Vulnerability
Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...