130997 matches found
Linux kernel elevation of privilege vulnerability (CNVD-2022-69204)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...
Product Show Room Site跨站脚本漏洞
Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to cross-site scripting, which stems from the fact that entering a special string into the Message text box leads to cross-site scripting. No details of t...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48945)
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/categories/managecategory .php?id=The page lacks validation for external input SQL statement...
Adobe Media Encoder Memory Corruption Vulnerability (CNVD-2022-50236)
Adobe Media Encoder is an audio and video encoding application from the American company Audobee Adobe. A memory corruption vulnerability exists in Adobe Media Encoder version 15.4 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current...
Jenkins Pipeline Security Feature Issue Vulnerability
Jenkins Pipeline is a set of plugins that support the implementation and integration of continuous delivery pipelines into Jenkins.Jenkins Pipeline: Groovy Plugin is vulnerable to a security feature issue that could be exploited by an attacker to load any Groovy source file on the class path of...
WordPress Code Snippets Extended跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Code...
Unspecified Vulnerability in Exim (CNVD-2022-56952)
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. A security vulnerability exists in Exim versions prior to 4.95, which stems from a heap-based buffer overflow in the alias list in hostnamelookup when senderhostname is set. No details of t...
flatCore remote code execution vulnerability
flatCore is a PHP and SQLite based Web Content Management System CMS. flatCore version 2.0.7 is vulnerable to remote code execution. An attacker can exploit the vulnerability to execute arbitrary php code by uploading the addon plugin...
Google Android Resource Management Error Vulnerability in Android (CNVD-2022-47667)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to a resource management error that could be exploited by attackers to cause a local privilege escalation...
Adobe Character Animator 2021 memory buffer out-of-bounds access vulnerability
Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitive 2D character animation, real-time animation, and easy sharing and publishing of characters. Adobe Character Animator 2021 4.4 and earlier versions have a memory buffer...
Adobe Illustrator 2021 out-of-bounds read vulnerability
Adobe Illustrator 2021 is a vector drawing software. Adobe Illustrator 2021 25.2.3 and earlier versions contain an out-of-bounds read vulnerability when handling specially crafted files. An attacker could exploit this vulnerability to cause a memory leak...
Apache HTTP Server Server-Side Request Forgery Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53557)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the filename parameter in /setting/setUploadSetting...
Google Android Information Disclosure Vulnerability (CNVD-2022-50279)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2023-72223)
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which can be exploited by an attacker to execute arbitrary code on a system...
WordPress Code Snippets Extended Cross-Site Request Forgery Vulnerability (CNVD-2022-49396)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended is vulnerable to cross-site request forgery, which can be exploited by...
Jenkins Beaker builder Plugin跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...
Fast Food Ordering System Arbitrary File Deletion Vulnerability
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to an arbitrary file deletion vulnerability, which originates in /ffos/classes/Master.php?f=deleteimg page lacks valid validation and can be...
Jenkins Autocomplete Parameter Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the program not properly escaping the names of th...
Google Android Information Disclosure Vulnerability (CNVD-2022-50278)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...
Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...
Jenkins EasyQA Plugin Cross-Site Request Forgery Vulnerability (CNVD-2022-49793)
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...
WordPress Code Snippets Extended跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended has a cross-site scripting vulnerability, and no details of the...
Apache HTTP Server Code Issue Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code issue vulnerability exists in Apache HTTP Server that stems from a null pointer reference error in the product. The...
Cisco AppDynamics Controller Authorization Issues Vulnerability
Cisco AppDynamics Controller is Cisco's ability to monitor and analyze full-stack data through accurate tracking and analysis across a highly distributed application environment. Cisco AppDynamics Controller suffers from an authorization issue vulnerability that arises from incorrect authorizatio...
Jenkins vboxwrapper Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins vboxwrapper Plugin 1.3 and earlier versions are vulnerable to a...
Apple WebKit Out-of-Bounds Write Vulnerability
WebKit is the engine for Safari and other browsers on iOS and iPadOS. The Apple WebKit out-of-bounds write vulnerability can be exploited by an attacker to execute arbitrary code by tricking a user into visiting a specially crafted website...
Sourcecodester Hospital Patient Records Management System SQL注入漏洞(CNVD-2022-48760)
Sourcecodester Hospital Patient Records Management System is a web-based application that provides hospitals with an automated platform to store and manage their patient records. sourcecodester Hospital Patient Records Management System is vulnerable to SQL injection, which originates from...
lighttpd Buffer Overflow Vulnerability
lighttpd is an open source web server. A buffer overflow vulnerability exists in Lighttpd versions 1.4.46 through 1.4.63, which stems from the modextforwardForwarded function in the product's modextforward plugin failing to handle memory boundaries effectively. An attacker could exploit this...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2024-36387)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...
Jenkins Promoted Builds (Simple) Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
xiaohuanxiong SQL injection vulnerability
xiaohuanxiong is an open source comic CMS by guoguo individual developers. xiaohuanxiong version 1.0 is vulnerable to SQL injection, which originates from the id parameter in /app/controller/Books.php. No detailed vulnerability details are available...
SQL Injection Vulnerability in Ai Qing Lemon CMS (CNVD-2021-51254)
Aizumi CMS is a php music website developed with php MySQL. Aizumi CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Jenkins Convertigo Mobile Platform Plugin跨站请求伪造漏洞(CNVD-2022-49790)
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to perform permission checks in the...
Jenkins Agent Server Parameter Plugin Cross-Site Scripting Vulnerability (CNVD-2022-49787)
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.A cross-site scripting...
Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2022-50237)
Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. An out-of-bounds read vulnerability exists in Adobe Photoshop. An attacker could exploit this vulnerability to cause a sensitive memory leak...
Adobe Character Animator out-of-bounds read vulnerability
Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitively animating 2D characters, animating in real time, and easily sharing and publishing characters. an out-of-bounds read vulnerability exists in Adobe Character Animator...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48949)
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/sales/receipt.php?id=page missing validation of external input SQL statements, which can be...
Atlassian Fisheye and Crucible Code Execution Vulnerabilities
Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. A security vulnerability exists in Atlassian Fishey and Crucible versions prior to 4.8.9, which can be exploited by an attacker to inject arbitrary HTML and/or JavaScript...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59686)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application allows computers and devices to quickly read and efficiently perform video encoding or HEVC video. Microsoft HEVC Video Extensions suffers from a remote code execution vulnerability th...
File upload vulnerability exists in Panavision e-office (CNVD-2021-49104)
Panmicro e-office is a standard collaborative mobile office platform under Panmicro. A file upload vulnerability exists in Panmicro e-office, which can be exploited by an attacker to gain control of the server...
JoomShaper SP Page Builder Lite suffers from a SQL Injection Vulnerability
SP Page Builder is a free page builder component that users can use to design and edit website page content on joomla sites. JoomShaper SP Page Builder Lite suffers from a SQL injection vulnerability that can be exploited by an attacker to obtain sensitive database information...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...
Jenkins Beaker builder Plugin Cross-site Request Forgery Vulnerability (CNVD-2022-49788)
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48961)
Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/admin/?page=products/viewproduct&id= page has a SQL injection issue. No detailed vulnerability details are...
Google Android Information Disclosure Vulnerability (CNVD-2022-50275)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...
Jenkins SSH Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins SSH Plugin 2.6.1 and earlier...
Jenkins Random String Parameter Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Plugin is a cross-site scripting vulnerability in Jenkins Random Stri...
Jenkins SSH Plugin Permissions and Access Control Issues Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins SSH Plugin 2.6.1 and earlier...
Panmicro ecology9 SQL Injection Vulnerability
Ecology9 is a new and efficient collaborative office system created by Panmicro for medium and large organizations. There is a SQL injection vulnerability in Panmicro ecology9, which can be exploited by attackers to obtain sensitive database information...