130997 matches found
Logic Flaw Vulnerability in Netnifty's Web Tampering Prevention System
Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...
Google Android elevation of privilege vulnerability (CNVD-2022-50271)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Huawei HG659 suffers from information leakage vulnerability
The Huawei HG659 is a home gateway. An information disclosure vulnerability exists in Huawei HG659, which can be exploited by attackers to obtain sensitive information...
Jenkins EasyQA Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins EasyQA Plugin 1.0 and prior...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-17321)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that stems from an AliasSet bug used in JIT Codegen. An attacker could exploit the vulnerability to cause a denial of service with the help of special...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-47669)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in onCreate of KeyChainActivity.java. The application certificate stored in the keychain can be exploited by an attacker, who can use t...
IBM Sterling Partner Engagement Manager信息泄露漏洞
IBM Sterling Partner Engagement Manager is an automated management tool from IBM Corporation. IBM Sterling Partner Engagement Manager version 6.2.0 is vulnerable to an information disclosure vulnerability that could be exploited by a remote, authenticated attacker to obtain sensitive information ...
Aruba Networks ArubaOS Operating System Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability stems from multiple vulnerabilities identified in Aruba products. The vulnerabilities could be exploited by an...
Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability
Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...
Mozilla Firefox Elevation of Privilege Vulnerability (CNVD-2023-17318)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An elevation of privilege vulnerability exists in versions of Mozilla Firefox prior to 96.0. An attacker could exploit this vulnerability to elevate privileges by making the program search for system libraries i...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-17325)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. versions prior to Mozilla Firefox 103 are vulnerable to a resource management error that stems from a cache preload error. When loading a script with subresource integrity, an attacker could exploit the vulnerability to...
Google Android elevation of privilege vulnerability (CNVD-2022-50277)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2022-50274)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48947)
Fast Food Ordering System, a fast food ordering system from Carlo Montero's personal developer, is vulnerable to a SQL injection vulnerability in version 1.0 of Fast Food Ordering System, which originates in /ffos/classes/Master.php?f=delete category page lacks validation of externally entered SQ...
HUAWEI HarmonyOS code issue vulnerability (CNVD-2022-47648)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in HUAWEI HarmonyOS 2.0, which stems from a null pointer and array out-of-bounds vulnerability in the...
WordPress WP Meta SEO plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of WordPress prior to WP Meta SEO plugin 4.4.7,...
Apache Apisix Remote Code Execution Vulnerability
Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . A remote code execution vulnerability...
Oracle MySQL has an unspecified vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation USA...
Google Android elevation of privilege vulnerability (CNVD-2022-50280)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by attackers to elevate privileges...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48948)
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/classes/Master.php?f=deletemenu The page lacks validation for external input SQL statements, which...
Fast Food Ordering System跨站脚本漏洞
A cross-site scripting vulnerability exists in Fast Food Ordering System 1.0, which stems from a lack of filtering and escaping of the parameter Description in Master.php, which could be exploited by an attacker to execute JavaScript code on the client side. vulnerability can be exploited to...
HUAWEI EMUI and Magic UI Authorization Issue Vulnerability
HUAWEI EMUI and Magic UI is an Android-based mobile operating system developed by the Chinese company Huawei HUAWEI. HUAWEI EMUI and Magic UI suffers from an authorization issue vulnerability that stems from a lack of authorization in a system component, which can be exploited by an attacker to...
Adobe Illustrator out-of-bounds read vulnerability
Adobe Illustrator is a vector-based image creation software from Adobe, Inc. An out-of-bounds read vulnerability exists in Adobe Illustrator, which could be exploited to trick victims into opening a carefully constructed file, triggering an out-of-bounds read error and reading the contents of...
Apache HTTP Server Cross-Site Request Forgery Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...
WordPress WP Contacts Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress WP Contacts Manager is vulnerable to a SQL injection vulnerability, which...
WordPress JupiterX Theme and JupiterX Core Plugin Access Control Error Vulnerability
JupiterX Core is a Wordpress Advanced View plugin. WordPress JupiterX Theme and JupiterX Core Plugin are vulnerable to an access control error that could be exploited by attackers to compromise site security or functionality...
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server version 2.4.49 path traversal vulnerability , the vulnerability stems from the introduction of apnormalizepath...
Samsung SecSoterService information disclosure vulnerability
Samsung SecSoterService is a service for Samsung Samsung mobile devices. Samsung SecSoterService is vulnerable to an information disclosure vulnerability that stems from the improper use of unique device IDs in unprotected SecSoterService, which could be exploited by an attacker to unauthorized...
Weak password vulnerability in the virtualization authorization management system of Deepcore Technology Co.
DeepService Technology Co., Ltd. is a product and service provider specializing in enterprise-class network security, cloud computing, IT infrastructure and the Internet of Things IoT. A weak password vulnerability exists in the virtualization authorization management system of DeepSign Technolog...
Logic Flaw in Webpage Tampering Prevention System of Beijing Netnifty Nebula Information Technology Co.
Beijing Netnifty Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products, and providing hierarchical overall security solutions and security profession...
Xiaomi Router AX3600 Command Injection Vulnerability
Xiaomi router AX3600 is a router from Xiaomi, China.A command injection vulnerability exists in Xiaomi Router AX3600 prior to 1.1.15, which stems from a lack of inspection of incoming data and can be exploited by attackers to execute code...
Apache HTTP Server Code Execution Vulnerability (CNVD-2025-30835)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...
Jenkins Embeddable Build Status Plugin授权问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that is vulnerable to an authorization issue in Jenkins Embeddable Build Status Plugin 2.0.3 and earlier, which stems from an inability to properly perform a ViewStatus...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-48958)
Product Show Room Site is a product showroom site from Carlo Montero's personal developer. version 1.0 of Product Show Room Site is vulnerable to SQL injection, which originates from /psrs/admin/categories/managecategory.php? id=The page lacks validation for external input SQL statements, which c...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48946)
Fast Food Ordering System is a fast food ordering system from Carlo Montero's personal developer. version 1.0 of Fast Food Ordering System is vulnerable to SQL injection, which originates from /ffos/admin/menus/managemenu.php?id= The page lacks validation for external input SQL statements, which...
Cisco Secure Network Analytics Remote Code Execution Vulnerability
Cisco Secure Network Analytics is one of the most comprehensive visibility and network traffic analysis Nta/network detection and response Ndr solutions from Cisco. Cisco Secure Network Analytics is vulnerable to a remote code execution vulnerability that could be exploited by an attacker to...
IBM Security Verify Access Input Validation Error Vulnerability
IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...
Fast Food Ordering System SQL Injection Vulnerability (CNVD-2022-48950)
Fast Food Ordering System, a fast food ordering system from Carlo Montero's personal developer, is vulnerable to a SQL injection vulnerability in version 1.0 of Fast Food Ordering System, which originates in /ffos/admin/categories/viewcategory. php?id=The page lacks validation for external input...
WordPress plugin Tabs cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Tabs is vulnerable to a cross-site scripting vulnerability that stems from the Tabs...
WordPress Nirweb support SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Nirweb support is vulnerable to SQL injection, a vulnerability that stems from...
WordPress Popup Box plugin local file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Pop...
ZTE ZXMP M721 Privilege and Access Control Vulnerability
The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE Corporation ZTE in China.The ZTE ZXMP M721 has a privilege and access control vulnerability, which stems from the fact that the folder privilege viewed by sftp is 666, which is inconsistent with the actual privilege,...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-47672)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in onEntryUpdated in OngoingCallController.kt, and due to intent redirection, can initiate non- exported activity, an attacker can use...
AngularJS Cross-Site Scripting Vulnerability (CNVD-2020-53539)
AngularJS is a TypeScript-based open source web application framework. A cross-site scripting vulnerability exists in angular.js versions prior to 1.8.0. The vulnerability stems from the lack of proper validation of client-side data in the WEB application. An attacker can exploit the vulnerabilit...
MinIO Information Disclosure Vulnerability
MinIO is an open source object storage server from MinIO, Inc. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO is vulnerable to an information disclosure vulnerability that stems from the fact that in a cluster deployment MinIO...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-17324)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A remote code execution vulnerability exists in versions prior to Mozilla Firefox 103, which originates from a boundary error when processing HTML content, and is exploited by an attacker to create a...
Jenkins Storable Configs Plugin XML External Entity Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An XML external entity injection...
Adobe Illustrator 2021 OS Command Injection Vulnerability
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 version 25.2.3 and earlier is vulnerable to a security flaw. An attacker can exploit this vulnerability to achieve arbitrary code execution in the context of the current user...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-30837)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.30 through 2.4.66 and earlier, which can be exploited by an...
Multiple Adobe Products Resource Management Error Vulnerability (CNVD-2022-46973)
Adobe Acrobat is a set of tools for editing and converting PDF files.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. A resource management error vulnerability exists in several Adobe products, which can be exploited by attackers to cause a sensitive...