130997 matches found
WordPress Ultimate Member plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...
Unspecified Vulnerability in Epson TM-C3500 and TM-C7500
The Epson TM-C3500 and Epson TM-C7500 are both printers from the Japanese company Epson. A security vulnerability exists in Epson TM-C3500 and TM-C7500 firmware version WAM31500, which can be exploited by an attacker to bypass authentication...
Linux kernel memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in Linux kernel 6.0.9 and prior versions. An attacker can exploit the vulnerability to launch a denial of service attack or execute...
Apartment Visitor Management System SQL Injection Vulnerability
Apartment Visitor Management System is an Apartment Visitor Management System by Carlo Montero Personal Developer. Apartment Visitor Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validity filtering of special characters in /avms/index.php,...
Digital Alert Systems DASDEC EAS Cross-Site Scripting Vulnerability
Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems in the United States. A cross-site scripting vulnerability exists in all current versions of Digital Alert Systems DASDEC, which stems from a lack of effective filtering and escaping of user-supplied data on an...
GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability
GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric GE. It provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. A buffer overflow...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...
ZTE MF286R Buffer Overflow Vulnerability
The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...
Fusiondirectory Cross-Site Scripting Vulnerability
FusionDIrectory is a FusionDIrectory open source application. Used to ensure that the user's identity management security. A cross-site scripting vulnerability exists in Fusiondirectory version 1.3. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, whi...
Karmasis Infraskope Agent Access Control Error Vulnerability
Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...
Bouncy Castle BC Code Issue Vulnerability
Bouncy Castle BC is a cryptographic library for C and Java applications organized by Bouncy Castle. A code issue vulnerability exists in Bouncy Castle BC-FJA versions prior to 1.0.2.4, which stems from a temporary key used by the BC-FJA FIPS module that may be zeroed out while the module is still...
WordPress Permalink Manager Lite has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
Apache Airflow code injection vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamic monitoring features. Apache Airflow has a code injection vulnerability, the vulnerability stems from the user input structure during the...
Apache Airflow Input Validation Error Vulnerability (CNVD-2022-78860)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring.Apache Airflow versions prior to 2.4.3 are vulnerable to an input validation error that stems from an open redirect in the...
IBM Cloud Pak for Security has an unspecified vulnerability (CNVD-2022-78136)
IBM Cloud Pak for Security is an application from International Business Machines IBM, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster.IBM Cloud Pak for Security CP4S has a security vulnerabili...
Huawei HarmonyOS Licensing Issue Vulnerability (CNVD-2023-13080)
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue, which stems from a lax verification of power module permissions. An attacker could exploit the vulnerability to cause...
IBM Robotic Process Automation Licensing Issue Vulnerability (CNVD-2022-77512)
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1, 21.0.2, 21.0.3, 21.0.4, a...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-74073)
Apache Airflow is a community-created platform for programmatically authoring, scheduling, and monitoring workflows. a cross-site scripting vulnerability exists in versions of Apache Airflow prior to 2.4.2. The vulnerability is related to the affected version not properly filtering user input. Th...
Apple tvOS Buffer Overflow Vulnerability (CNVD-2022-74081)
Apple tvOS is a smart TV operating system from Apple, Inc. A security vulnerability exists in Apple tvOS, which stems from an application that could cause the system to unexpectedly terminate or write to kernel memory. No details of the vulnerability are currently available...
Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29426)
Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...
Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91135)
Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and perform unauthorized creation...
Microsoft Windows Graphics Component has an elevation of privilege vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Graphics Component. An attacker could exploit the vulnerability to elevate privileges...
Zimbra Collaboration Suite uncheck Cross-Site Scripting Vulnerability
Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...
Adobe Dimension code execution vulnerability
Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A code execution vulnerability exists in versions prior to Adobe Dimension 3.4.6, which stems from a "use-after-release" vulnerability that could be exploited to execute arbitrary code in the current user context...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08753)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion is vulnerable to a path traversal vulnerability, which stems from an improper restriction of pathnames to restricted directories,...
Microsoft Windows Kernel privilege elevation vulnerability
Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. Microsoft Windows Kernel contains an elevation of privilege vulnerability that can be exploited by attackers to elevate privileges...
Tenda AX1803 fromSysToolReboot Function Cross-Site Request Forgery Vulnerability
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A cross-site request forgery vulnerability exists in the Tenda AX1803 firmware, version USAX1803v2.0brv1.0.0.12994CNZGYD014, which exists in the /bin/tdhttpd file fromSysToolReboot function/goform/SysToolReboot page. An attacker...
Microsoft Graphics Component privilege elevation vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Graphics Component, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an elevation of...
Microsoft Windows COM Event System Service privilege elevation vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows COM Event System Service, which stems from improper privilege assignment in applications and can be exploited by attackers to...
Microsoft Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
Microsoft Windows Server Remotely Accessible Registry Keys is vulnerable to information disclosure, which results from inadequate protection of sensitive information on network systems or products. The vulnerability is caused by inadequate protection of sensitive information in network systems or...
Microsoft Windows CD-ROM File System Driver Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows CD-ROM File System Driver, which stems from the failure of a network system or product to properly filter special elements in the external input data used to construct code segments. The vulnerability can be exploited by an attacker to...
Democritus Project d8s-lists Code Execution Vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-lists version 0.1.0, which stems from the presence of a potential code execution package, democritus-dicts, inserte...
SAP 3D Visual Enterprise Author .vds Buffer Overflow Vulnerability
SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management and can be exploited by an attacker to...
Discourse DiscoTOC Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A cross-site scripting vulnerability exists in versions prior to Discourse DiscoTOC 2.1.0, which stems from the lack of escaping and filtering of input data on pages that can...
Singularity Image Format Encryption Problem Vulnerability
Singularity Image Format is a compressed squashfs file system from Singularity that has a block organization structure, including metadata and definition files for containers, first labels, partition contents, signatures if they exist, and, of course, the containers for the binaries themselves...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-68293)
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...
Vim Resource Management Error Vulnerability (CNVD-2022-68074)
Vim is a cross-platform text editor. A security vulnerability exists in Vim versions prior to 9.0.0614, which stems from a confusion in the instruction in the didsetstringoption function that the program is responsible for freeing memory. An attacker can exploit the vulnerability to potentially...
Bytebase licensing issue vulnerability
Bytebase is Bytebase's open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...
Cisco IOS XE SD-WAN Software and SD-WAN Software Path Traversal Vulnerability
Cisco IOS XE SD-WAN Software and Cisco SD-WAN are both products of Cisco U.S.A. Cisco IOS XE SD-WAN Software is a software for network management software-defined networking applied to the Cisco IOS XE network operating system. The Cisco IOS XE SD-WAN and Cisco SD-WAN are vulnerable to a path...
Aruba Networks ArubaOS and InstantOS Command Execution Vulnerabilities
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. A command execution vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from the...
Kitty Code Execution Vulnerability
kitty is a fast, feature-rich, GPU-based terminal emulator developed by kovidgoyal. A code execution vulnerability exists in versions prior to Kitty 0.26.2 that stems from insufficient validation in the desktop notification escape sequence and can be exploited by an attacker to cause execution of...
Apple macOS Monterey Logic Error Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey suffers from a logic error vulnerability that stems from a logic error issue in the application, which can be exploited by an attacker to gain unauthorized Bluetooth...
QEMU Denial of Service Vulnerability (CNVD-2022-84157)
QEMU Quick Emulator is a set of emulation processor software from Fabrice Bellard, a French personal developer. QEMU VNC server has a denial of service vulnerability, which stems from an integer underflow in the processing of ClientCutText messages in extended format, which can be exploited by an...
Rocket.Chat Information Disclosure Vulnerability (CNVD-2022-69164)
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the presence of a clear-text transfer of sensitive information related to an oauth token, causing the oauth token to be leaked in the product. An attacker could explo...
Tenda i9 formWifiMacFilterSet function buffer overflow vulnerability
Tenda i9 is an enterprise wireless AP device. tenda i9 formWifiMacFilterSet function function buffer overflow vulnerability can be exploited by attackers to cause a denial of service DoS via specially crafted strings...
Tenda i9 formwrlSSIDset function buffer overflow vulnerability
Tenda i9 is an enterprise wireless AP device. a buffer overflow vulnerability exists in the Tenda i9 formwrlSSIDset function, which can be exploited by attackers to cause a denial of service DoS via a specially crafted string...
Apache Kafka Denial of Service Vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of capturing real-time data and is used to build applications that react in real-time to changes in the data stream. Apache Kafka suffers from a denial-of-service...
Adobe Bridge Resource Management Error Vulnerability (CNVD-2022-66013)
Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a resource management error, which stems from the impact of post-release reuse and can be exploited by attackers to execute arbitrary code in the context of the current user...
Adobe InDesign product buffer overflow vulnerability
Adobe InDesign, a set of typesetting and editing applications from Adobe, has a buffer overflow vulnerability that originates from out-of-bounds reads and could lead to a memory leak. An attacker can remotely execute arbitrary code through this vulnerability...
Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10608)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that FakeQuantWithMinMaxVars will fail to assert if it is given a tensor of non-zero rank min or max. An attacker...