131102 matches found
Nginx NJS Denial of Service Vulnerability (CNVD-2022-66505)
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. njs is one of the scripting language components that supports extended NGINX functionality . A denial of service vulnerability exists in Nginx NJS version v0.7.2, which originates from a...
School Dormitory Management System Cross-Site Scripting Vulnerability
School Dormitory Management System is a school dormitory management system. v1.0 of School Dormitory Management System has a cross-site scripting vulnerability that originates from admin/inc/navigation.php:125 page that lacks a filter for user The vulnerability is caused by a lack of checksum...
Online Fire Reporting System SQL Injection Vulnerability (CNVD-2022-55739)
Online Fire Reporting System is an online fire reporting system from Carlo Montero's personal developer. version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=requests/ managerequest&id=Lack of validation of external input SQL...
Car Rental Management System SQL Injection Vulnerability (CNVD-2022-61085)
Car Rental Management System is a car rental management system. SQL injection vulnerability exists in Car Rental Management System, which can be exploited by attackers to view, add, modify or delete information in the back-end database...
Owl Labs Meeting Owl Trust Management Issue Vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Owl Labs Meeting Owl version 5.2.0.15 is vulnerable to a trust management issue, which could be exploited by an attacker to activate network sharing mode using hard-coded hoothoot credentials via a certain c 150 value...
XXL-JOB Cross-Site Scripting Vulnerability (CNVD-2022-66673)
XXL-JOB is a java-based distributed task scheduling platform from the XXL XXL-JOB community. xxl-job version 2.3.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute JavaScript programs...
TOTOLINK EX1200T Command Injection Vulnerability (CNVD-2022-53572)
TOTOLINK EX1200T is a Wi-Fi range extender from China-based TOTOLINK, and a command injection vulnerability exists in TOTOLINK EX1200T. deviceName to conduct attacks...
WordPress VikBooking Hotel Booking Engine
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress VikBooking Hotel Booking Engine...
Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability
Microsoft Support Diagnostic Tool MSDT, Microsoft Support Diagnostic Tool is a utility program used to troubleshoot and collect diagnostic data for professionals to analyze and solve problems.Microsoft Office is a popular office software developed by Microsoft Corporation. Microsoft Support...
Apache Tika Denial of Service Vulnerability (CNVD-2022-73491)
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...
ChatBot Application with a Suggestion Feature SQL注入漏洞
ChatBot Application with a Suggestion Feature is a ChatBot application with a suggestion feature. chatBot Application with a Suggestion Feature version 1.0 is vulnerable to a SQL injection vulnerability that originates in /simple chatbot/admin/responses/viewresponse.php with an id parameter that...
TotoLink A3100R Command Injection Vulnerability (CNVD-2022-54652)
TotoLink A3100R is a series of wireless routers from TotoLink, Taiwan, China.TotoLink A3100R version V4.1.2cu.5050B20200504 and V4.1.2cu.5247B20211129 are vulnerable to command injection, which originates from uci cloudupdateconfig function in the magicid parameter fails to properly filter the...
AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63547)
AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which can be exploited by attackers to cause a denial of resources or a denial of service...
Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64237)
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...
Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72858)
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...
JetBrains Ktor Native Security Feature Issue Vulnerability
JetBrains Ktor Native is an asynchronous framework for creating microservices, web applications, etc. JetBrains Ktor Native versions prior to 2.0.0 are vulnerable to a security feature that stems from the fact that random values used for random number generation are not implemented using...
F5 BIG-IP APM log information disclosure vulnerability
F5 BIG-IP APM and F5 BIG-IP APM Clients are both products of F5, Inc. F5 BIG-IP APM Clients is a suite of APM client software. F5 BIG-IP APM is vulnerable to log information disclosure, which can be exploited by attackers to view sensitive information related to APM sessions...
Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service and Information Disclosure Vulnerability
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco, a U.S. company. Cisco TelePresence Collaboration Endpoint Software is a set of collaboration endpoint software. cisco TelePresence Collaboration Endpoint and RoomOS Software has a denial of...
JetBrains PyCharm has an unspecified vulnerability
JetBrains PyCharm is an integrated development environment IDE for the Python language from Czech company Jetbrains. security vulnerability exists in versions prior to JetBrains PyCharm 2022.1, which stems from exposing the debugger port to the internal network, no details of the vulnerability ar...
Podman lifting vulnerability
Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...
Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35527)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the find= parameter of...
WordPress plugin Autolinks cross-site request forgery vulnerability
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin Autolinks has a cross-site request forgery vulnerability, which can be exploited by remote attackers to perform...
Amazon AWS VPN Client has an unspecified vulnerability
Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...
Microsoft Windows Telephony Serve Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Telephony Server. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An...
RiteCMS path traversal vulnerability
RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...
Unspecified vulnerability in iot-device-sdk-embedded-c
iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...
Microsoft Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows Hyper-V Shared Virtual Hard Disks, a tool from Microsoft Corporation that provides hardware virtualization. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker...
Microsoft Windows iSCSI Target Service Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows iSCSI Target Service. The vulnerability arises from a configuration or other error in the operation of a networked...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2022-62516)
Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA. Microsoft Windows Win32k has an elevation of privilege vulnerability that could be exploited by attackers to execute arbitrary code with elevated privileges...
Jenkins promoted builds Plugin cross-site scripting vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins promoted builds Plugin, which stems from the application not...
KevinLAB Building Energy Management System跨站请求伪造漏洞
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...
Huawei HarmonyOS Business Logic Error Vulnerability (CNVD-2022-53579)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A business logic error vulnerability exists in the Huawei HarmonyOS communication module. The vulnerability stems from a business logic error in the...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57816)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute HTML or JavaScript code with t...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65621)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute code in the context of the current process...
KONGA elevation of privilege vulnerability
KONGA is a full-featured open source, multi-user GUI from Dutch individual developer Panagis Tselentis. version 0.14.9 of KONGA contains an elevation of privilege vulnerability that could be exploited by attackers to gain full administrative access...
WordPress Amelia Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is an application plugin for WordPress. WordPress Amelia Plugin 1.0.46 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the program's failure t...
Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)
Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...
Huawei Emui and Magic UI Denial of Service Vulnerability (CNVD-2022-20298)
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. a denial of service vulnerability exists in Huawei Emui and Magic UI, which stems from copying the input buffer in the video framework without checking its size. An attacker...
Mattermost Server Buffer Overflow Vulnerability (CNVD-2022-65355)
Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost Server versions 6.3.2 and below, which stems from the fact that Mattermost Server's document extractor does not properly validate data boundaries when performing...
Huawei Emui and Magic UI Nearby module licensing issue vulnerability
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI Nearby modules are vulnerable to authorization issues that could be exploited by attackers to compromise availability and integrity...
TP-Link Omada Controller Software Licensing Issue Vulnerability
TP-Link Omada Controller Software is a set of software from Tp-link that supports the management of wireless access points.TP-Link Omada Controller Software versions prior to 5.0.15 are vulnerable to authorization issues, which stem from a lack of authentication measures or insufficient...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59681)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2022-20139)
Microsoft Office is an office software suite of products from Microsoft Corporation USA. Microsoft Office Visio is vulnerable to remote code execution. The vulnerability is due to a boundary error in the processing of EMRCOMMENTEMFPLUS records in EMF images. A remote attacker could exploit this...
Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)
Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...
Google Chrome Autofill Security Bypass Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...
Microsoft Defender permission permission and access control issues vulnerability
Microsoft Defender is a threat protection software from Microsoft Corporation USA. Microsoft Defender for IoT is vulnerable to privilege permission and access control issues. No details of the vulnerability are currently available...
Google Chrome ANGLE buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. Google Chrome ANGLE is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...
Simple Bakery Shop Management SQL Injection Vulnerability
Simple Bakery Shop Management is a bakery management system. simple Bakery Shop Management is vulnerable to SQL injection and no detailed vulnerability details are available at this time...
Qt path traversal vulnerability
Qt is a cross-platform C application development framework from the Norwegian company Qt. It is widely used for developing GUI programs, in which case it is also known as the widget toolkit. It can also be used to develop non-GUI programs, such as console tools and servers.Qt versions prior to...