131102 matches found
WordPress Booster for WooCommerce plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-87652)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing. An attacker could exploit the vulnerability with a specially crafted website to spoof content and trick users into believing that the site i...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08751)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion contains a path traversal vulnerability, which...
SAP Manufacturing Execution Path Traversal Vulnerability
SAP Manufacturing Execution is an integrated Manufacturing Execution System MES solution for discrete manufacturing processes from SAP. Enables MES functionality to be customized specifically for the management and control of production environments. A path traversal vulnerability exists in SAP...
Google Android elevation of privilege vulnerability (CNVD-2022-81237)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from proxy obfuscation in the CarSettings of the application package, which can be exploited by an attacker to cause an elevation of privilege i...
Linux kernel competition condition issue vulnerability (CNVD-2022-74091)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a contention problem that originates from a contention problem in the perfeventopen function, which can be exploited by local attackers to elevate privileges...
F5 NGINX Instance Manager Denial of Service Vulnerability
NGINX Instance Manager NIM is part of F5's NGINX Management Suite NMS.The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things.A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
FeehiCMS arbitrary file upload vulnerability
FeehiCMS is a Php-based CMS builder from Liufee Personal Developers.FeehiCMS version v2.1.1 is vulnerable to arbitrary file uploads. The vulnerability stems from the lack of valid validation of uploaded files by the application. An attacker can exploit the vulnerability to execute arbitrary code ...
IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)
IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-53246)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL version 8.0.28 and prior versions. The vulnerability originates from an attacker with...
SAP BusinessObjects Business Intelligence Platform SQL Injection Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...
WordPress Gallery plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Google Android Buffer Overflow Vulnerability (CNVD-2022-53367)
Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which stems from the fact that the UE and EMM use NAS messages to communicate with each other. The vulnerability can be exploited to remotely crash the modem...
DCMTK Denial of Service Vulnerability
DCMTK is a collection of libraries and applications that implement most DICOM standards. Software for inspecting, building and converting DICOM image files, handling offline media, sending and receiving images over a network connection, and demo image storage and worklist servers. a denial of...
Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...
Apache Sling Log Injection Vulnerability
Apache Sling is an open source Web framework for the Java platform from the Apache Foundation. Designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit, a log injection vulnerability exists in Apache Sling Commons Log version 5.4.0 and...
Owl Labs Meeting Owl Trust Management Issue Vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to a trust management issue, which could be exploited by an attacker to activate network sharing mode using hard-coded hoothoot credentials via a certain c 150 value...
Aruba ClearPass Policy Manager Authentication Bypass Vulnerability (CNVD-2022-64232)
Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has an authentication bypass vulnerability, which can be exploited by attackers to bypass authentication leading to remote code...
Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2022-64231)
Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a command injection vulnerability, the vulnerability stems from the user input structure to execute the command process, the...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61334)
OpenEMR is an open source medical management system from the OpenEMR community. A cross-site scripting vulnerability exists in versions of OpenEMR prior to 6.1.0.1, which stems from a lack of data validation filters for user-supplied data and output data in the file name on the "Upload Document...
Microsoft Windows Network File System Remote Code Execution Vulnerability (CNVD-2022-74601)
Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. Network File System is vulnerable to a remote code execution vulnerability caused by a flaw...
RiteCMS path traversal vulnerability
RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...
Samsung Flow Access Control Error Vulnerability
Samsung flow is an application for Samsung Samsung mobile devices, a software used to connect Samsung to Win10-based computers for a seamless, secure, and connected experience.An access control error vulnerability exists in versions prior to Samsung Flow 4.8.06.5, which stems from a lack of prope...
jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65620)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...
WordPress WP-DownloadManager plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)
TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...
Red Hat 389 Directory Server Code Issue Vulnerability
Red Hat 389 Directory Server formerly known as Fedora Directory Server is an enterprise-class Linux directory server from Red Hat, Inc. The server fully supports the LDAPv3 specification and features scalable, multi-master replication, etc. A security vulnerability exists in Red Hat 389 Directory...
WordPress Page Builder KingComposer plugin access control error vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...
Samsung AppLock licensing issue vulnerability
Samsung AppLock is an application lock for Samsung mobile devices used to lock applications on Android.An authorization issue vulnerability exists in Samsung AppLock, which stems from a lack of authentication measures or insufficient authentication strength for Unprotected Activity in AppLock. An...
Google Chrome Omnibox code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...
MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)
MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...
WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...
Linux kernel buffer overflow vulnerability (CNVD-2022-68616)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
Jenkins Badge Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...
Kaseya Unitrends Backup Appliance has an unspecified vulnerability
Unitrends Backup UB is a suite of data protection software from Unitrends, Inc. that provides data backup, data recovery and deduplication functions.A security vulnerability exists in the Kaseya Unitrends Backup Appliance, which could be exploited by an attacker to log into the target system...
Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10290)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. A buffer overflow vulnerability exists in InsydeH2O, which stems from the SWSMI handler not adequately...
Google Android out-of-bounds write vulnerability (CNVD-2021-101950)
Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds write vulnerability exists in Google Android, which can be exploited by attackers to cause remote information disclosure without additional execution privileges...
Atomix Denial of Service Vulnerability
Atomix is a fault-tolerant distributed orchestration framework for JAVA 8. A denial-of-service vulnerability exists in Atomix version 3.1.5. An attacker could exploit this vulnerability to cause a denial of service via a false link event message sent to the primary ONOS node...
Apache log4j2 denial of service vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j2 suffers from a denial-of-service vulnerability. When improperly configured, an attacker can exploit the vulnerability to cause a denial-of-service attack...
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101428)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in the Google Android Kernel component Kernel, which could be exploited by an attacker to cause a local elevation of privilege that...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84817)
Chrome is a web browsing tool developed by Google. a heap buffer overflow vulnerability exists in WebRTC in versions prior to Google Chrome 94.0.4606.81. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78432)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the putweightedpredavg16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
Microsoft MSHTML Remote Code Execution Vulnerability
MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...
LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...
ForgeRock AM code issue vulnerability
ForgeRock AM is an open source access management, privilege control platform with widespread use in universities and social organizations.ForgeRock AM is vulnerable to a code issue that could be exploited by an unauthenticated attacker to remotely execute arbitrary code by constructing a special...
HP PageWide Pro 477dw MFP has an unauthorized access vulnerability
Hewlett-Packard Trading Shanghai Co., Ltd. is a company whose business scope includes computer hardware and software equipment, printing equipment, imaging equipment, communication equipment and so on. An unauthorized access vulnerability exists in HP PageWide Pro 477dw MFP, which can be exploite...
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...