131102 matches found
Sourcecodester Baby Care System SQL注入漏洞(CNVD-2022-35536)
Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 is vulnerable to SQL injection, which originates from the lack of validation of external input SQL in the /admin.php?id=posts & action=display & value=1 &...
Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64253)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...
Tyler Technologies Tyler Odyssey信息泄露漏洞
Tyler Technologies Tyler Odyssey is a court and judicial software system from Tyler Technologies, Inc. An information disclosure vulnerability exists in versions of Tyler Technologies Tyler Odyssey prior to 17.1.20, which stems from an insecure direct object reference issue in the platform. An...
Asterisk SQL Injection Vulnerability
Asterisk is a PBX system software that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols.Asterisk suffers from a SQL injection vulnerability that can be exploited by attackers to cause user-supplied data to create corrupt SQL queries or possibly SQL injections...
MariaDB item_cmpfunc.h Denial of Service Vulnerability
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A denial of service vulnerability exists in MariaDB Server v10.9 and earlier versions, which stems from the sql/itemcmpfunc.h component containing ...
Microsoft Power BI Spoofing Vulnerability
Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...
Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CNVD-2022-74593)
A remote code execution vulnerability exists in Microsoft Windows Graphics Components, which originates when a network system or product fails to properly filter external input data during the construction of code segments. elements during the construction of code segments from external input dat...
Microsoft Windows Fax Compose Form Remote Code Execution Vulnerability
Microsoft Windows Fax services is a feature component service of Microsoft Corporation USA used to specify fax settings, including how to send, receive, view and print. A remote code execution vulnerability exists in Microsoft Windows Fax Compose Form, which is used to specify fax settings,...
Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞
Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...
Microsoft Windows Upgrade Assistant Remote Code Execution Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Upgrade Assistant. The vulnerability stems from improper handling of input data and can be exploited by an attacker to...
Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64484)
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from an information disclosure vulnerability, which is caused by an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...
MariaDB Denial of Service Vulnerability (CNVD-2022-65004)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which stems from the inclusion of a global buffer overflow in the component...
MariaDB Denial of Service Vulnerability (CNVD-2022-65006)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.7 and lower, which can be exploited by an attacker to cause a denial of service DoS via a...
Jenkins Jira Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that suffers from a cross-site scripting vulnerability that stems from the application not escaping the names and descriptions of the Jira Issue and Jira Release Version...
Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Subversion Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to connect to ...
Webmin Cross-Site Scripting Vulnerability (CNVD-2022-61348)
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from the lack of filtering and escaping of user-submitted parameters for the Add User feature. An...
tildearrow Furnace Denial of Service Vulnerability
tildearrow Furnace is a multi-system chip tuning tracker compatible with the DefleMask module. tildearrow Furnace has a security vulnerability that stems from an incomplete fix for CVE-2022-1211, which can be exploited by attackers to cause a denial of service vulnerability...
WordPress Insights from Google PageSpeed plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Insights from Google PageSpeed...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60121)
Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...
Code injection vulnerability in Joomla!
Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2022-36036)
Microsoft Edge is a web browser that comes with post-Windows 10 versions of Microsoft Corporation Microsoft. Microsoft Edge has an elevation of privilege vulnerability, and no details of the vulnerability are available...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57825)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and previous versions have a cross-site scripting vulnerability, which stems from the program not being properly filtered, and can be exploited by remote attackers to execute HTML or JavaScript code with the help o...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57834)
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and prior versions, which stems from the fact that the program does not validate input or filter output, and can b...
Multiple Apple products have unspecified vulnerabilities (CNVD-2022-55136)
Apple macOS Big Sur is a mobile app from Apple. macOS Catalina is a dedicated operating system for Mac computers from Apple. macOS Monterey is Apple's 18th major version of macOS for Macintosh. macOS Monterey is the 18th major version of Apple's desktop operating system, macOS. Several Apple...
WordPress CleanTalk plugin cross-site scripting vulnerability (CNVD-2022-67605)
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress CleanTalk plugin 5.173 and earlier versions have a cross-sit...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57828)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program does not filter user input and can be exploited by remote attackers to execute scripts in the user's browse...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61337)
OpenEMR is an open source healthcare management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...
Sourcecodester Student Attendance Management System跨站脚本漏洞
Sourcecodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. A cross-site scripting vulnerability exists in Sourcecodester Student Attendance Management System version 1.0. The vulnerability stems from a lack of data validation...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2022-55068)
GitLab is an open source end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. GitLab CE/EE versions 11.3 and later are vulnerable to an information disclosure vulnerability...
WordPress Limit Login Attempts (Spam Protection) plugin SQL Injection Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A SQL injection vulnerability exists in the WordPress Lim...
Lua Resource Management Error Vulnerability
Lua is a lightweight, extended open source scripting language from the Lua LUA team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which can be exploited by attackers to execute Sandbox Escape via a specially crafted script file...
Slims8 Akasia SQL Injection Vulnerability
Slims8 Akasia is a software of the Slims community in Indonesia. It is used for library resource management e.g. books, journals, digital documents and other library materials and administration.An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...
Jenkins Extended Choice Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the plugin's failure to escape the value and description ...
WordPress Photo Gallery by 10Web plugin SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Photo Gallery by 10Web plugin version 1.6.0...
WordPress MOLIE plugin SQL injection vulnerability
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress MOLIE plugin 0.5 and earlier versions have a SQL injection vulnerability, which stems from the failure of MOLIE to validate and escape SQL...
Huawei Emui and Magic UI video framework heap buffer overflow vulnerability
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. heap buffer overflow vulnerability exists in Huawei Emui and Magic UI video framework, which can be exploited by attackers to impact usability...
Nextcloud Information Disclosure Vulnerability (CNVD-2022-20155)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Nextcloud Germany.A security vulnerability exists in Nextcloud Server, which is due to an issue with the Nextcloud Text application which is provided with Nextcloud Server by...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22095)
Adobe After Effects is a set of visual effects and motion graphics creation software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects processing files, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Tenda AX12 Buffer Overflow Vulnerability
Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A security vulnerability exists in Tenda AX12 v22.03.01.21, which originates from a stack buffer overflow contained in the function sub422CE4. An attacker can exploit this vulnerability to cause a denial of service DoS via...
TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21167)
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkresetpwdverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can execute arbitrar...
Yzmcms Cross-site Request Forgery Vulnerability (CNVD-2022-20584)
Yzmcms is an open source CMS Content Management System for Yzmcms personal developers. YzmCMS v6.3 is vulnerable to cross-site request forgery, which can be exploited by attackers to trigger cross-site request forgery CSRF via the component /yzmcms/comment/index/init.html...
Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)
Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...
Shopware Access Control Error Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware is vulnerable to an access control error that stems from not properly setting sensitive HTTP headers to non-cacheable, which could be exploited by an attacker to enable HTTP caching and then have...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59683)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2022-77978)
Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. It provides mail access, storage, forwarding, voice mail, mail filtering, etc. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers to conduct spoofing attacks...
Mozilla Firefox Permission License and Access Control Issues Vulnerability (CNVD-2023-59958)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a permissions licensing and access control issue vulnerability that stems from a logic error when handling iframes. The vulnerability can be exploited by an attacker to...
Microsoft Azure Site Recovery Permissions Licensing and Access Control Issues Vulnerability
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to privilege permission and access control issues. No details of the vulnerability are available at this time...
Vim buffer overflow vulnerability (CNVD-2022-20099)
Vim is an editor for the UNIX platform. vim suffers from a buffer overflow vulnerability that is caused by a read operation before the start of a line and results in a heap buffer overflow. An attacker could use the vulnerability to input a specially crafted file, resulting in a crash or code...
Microsoft Defender code injection vulnerability
Microsoft Defender for IoT is vulnerable to code injection. No details of the vulnerability are currently available...
Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-17998)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...