130997 matches found
YzmCMS uncontrolled recursion vulnerability
Yzmcms is an open source CMS content management system for Yzmcms individual developers. an uncontrolled recursive vulnerability exists in YzmCMS v6.3, which stems from the fact that the comment function can operate concurrently and an attacker can use this vulnerability to create an unusually...
Shopware Licensing Issue Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware suffers from an authorization issue vulnerability that stems from incorrect api routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...
MyBB Remote Code Execution Vulnerability (CNVD-2022-20097)
MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A remote code execution vulnerability exists in MyBB, which can be exploited to cause a Remote Code Execution RCE...
Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-18005)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...
WordPress Conversios.io plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. SQL injection vulnerability exists in versions of WordPress...
D-Link Dir-X1860 has an unspecified vulnerability (CNVD-2022-20167)
The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. The security vulnerability in the D-Link DIR-X1860 version 1.03 RevA1, which stems from the lack of effective information protection and filtering of information disclosure in the web interface, could be exploited by a...
Google Chrome Media Memory Misreference Vulnerability (CNVD-2022-63926)
Google Chrome is a web browser from Google, Inc. Google Chrome Media is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...
seacms arbitrary code execution vulnerability
seacms Ocean Video Management System is a video-on-demand system designed for webmasters with different needs. seacms V11.5 has an arbitrary code execution vulnerability, which can be exploited by attackers to write malicious files to the site and execute commands...
PluXml Cross-Site Scripting Vulnerability (CNVD-2022-73493)
PluXml is a content management system that does not require a database to work.A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...
IBM AIX Input Validation Error Vulnerability (CNVD-2022-17017)
IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX has an input validation error vulnerability that can be exploited by an attacker to cause a fatal AIX error through the CAA kernel, triggering a denial of service...
IBM AIX Denial of Service Vulnerability (CNVD-2022-17018)
IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM, which can also be referred to as AIX. a denial of service vulnerability exists in IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, which stems from a file creation vulnerability in the audit command, the affected component...
Tp-link TL-WR840N has an unspecified vulnerability
Tp-link TL-WR840N is a wireless router from Tp-link, China. TP-LINK TL-WR840NES V6.20 version 180709 is vulnerable due to a lack of filtering and escaping of command parameters in the component oalstartPing. No details of the vulnerability are available at this time...
JetBrains Hub Cross-Site Scripting Vulnerability (CNVD-2022-17756)
JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together. JetBrains Hub has a cross-site scripting vulnerability that can be exploited by attackers to execute XSS attacks...
Gabia Firstmall has an unspecified vulnerability
Gabia Firstmall is used by Gabia for address resolution. A security vulnerability exists in Gabia Firstmall due to insufficient validation of various input values from users, which can be exploited to execute malicious code in Firstmall via the navercheckoutadd function...
JetBrains TeamCity XML External Entity Handling Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...
Google Android Buffer Overflow Vulnerability (CNVD-2022-16339)
Google Android is a Linux-based open source operating system from Google. Google Android buffer overflow vulnerability, the vulnerability stems from improper boundary checking. An attacker can exploit the vulnerability to read invalid memory and cause the application to crash...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17687)
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error, which can be exploited by attackers to cause MySQL Server to hang or crash repeatedly and frequently...
WordPress Plugin Advanced Database Cleaner Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Database Cleaner prior to version...
Plesk Cross-Site Request Forgery Vulnerability (CNVD-2022-91163)
Plesk is a hosting control panel from the Swiss company Plesk. version 18.0.37 of Plesk is vulnerable to cross-site request forgery, which stems from the software's lack of validation of cross-site request forgery tokens. An attacker could exploit this vulnerability to insert data in the user and...
WordPress Cozmoslabs Profile Builder plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Cozmoslabs Profile Builder plugin 3.6.1 and earlier versions have a cross-site scripting vulnerability...
snapd input validation error vulnerability
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...
KiCad EDA Buffer Overflow Vulnerability
KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...
Atlassian Jira Service Management Server Licensing Issue Vulnerability
Atlassian Jira Service is a server-based version of Atlassian Australia's IT service desk and request tracking system, which is used to receive, track and manage requests from team clients. An authorization issue vulnerability exists in Atlassian Jira Service Management Server, which stems from...
Atlassian Confluence Server权限提升漏洞
Atlassian Confluence Server is a server version of Atlassian Australia's suite of collaborative software with enterprise knowledge management capabilities and support for building enterprise WiKi. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...
Pybbs Cross-Site Scripting Vulnerability
Pybbs is a community forum for more practical Java development. A cross-site scripting vulnerability exists in Pybbs, which stems from the product's search box not effectively handling special characters in user input data. An attacker can exploit this vulnerability to execute client-side code...
Magnolia CMS has an unspecified vulnerability (CNVD-2022-13385)
Magnolia CMS is an application of the Swiss company Magnolia. Magnolia CMS, a website building framework, is provided with a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted CSV XLS file...
Samsung Wear Os StTheaterModeReceiver Access Control Error Vulnerability (CNVD-2022-56487)
Samsung Wear Os is a version of the Android operating system from Samsung South Korea designed for wearable computer devices such as smartwatches. An access control error vulnerability exists in versions of Samsung Wear OS prior to 3.0, which is designed for wearable computer devices such as...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15933)
Adobe Illustrator is a vector-based image creation software from Adobe, Inc. A security vulnerability exists in Adobe Illustrator, which stems from the product's failure to add effective data protection measures. A remote attacker could use the vulnerability to access sensitive information...
Radareorg Radare2 Buffer Overflow Vulnerability
radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 suffers from a buffer overflow vulnerability that stems from the product's failure to effectively determine memory boundaries, which could be exploited by an attacker to cause a buffer overflow...
Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-15814)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation that can be exploited by an attacker to execute code in the context of the current process...
Bentley Systems MicroStation Resource Management Error Vulnerability (CNVD-2022-16156)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A resource management error vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute code in the context of the current process...
Bentley Systems MicroStation Buffer Overflow Vulnerability
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute arbitrary code in the context of the current process, along...
Google Chrome Buffer Overflow Vulnerability (CNVD-2022-45562)
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by remote attackers to potentially exploit heap corruption via well-designed HTML pages...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60123)
Microsoft Edge Chromium-based is vulnerable to an elevation-of-privilege vulnerability in Microsoft Edge, a web browser that ships with Windows 10 and later. An attacker could exploit this vulnerability to execute arbitrary code with elevated privileges...
Sante DICOM Viewer Pro J2K Remote Code Execution Vulnerability (CNVD-2022-14984)
Sante DICOM Viewer Pro is a medical DICOM image viewer.A remote code execution vulnerability exists in Sante DICOM Viewer Pro J2K, which can be exploited by attackers to execute code in the context of the current process...
Sante DICOM Viewer Pro DCM Information Disclosure Vulnerability
Sante DICOM Viewer Pro is a medical DICOM image viewer.An information disclosure vulnerability exists in Sante DICOM Viewer Pro DCM, which can be exploited by attackers to execute arbitrary code in the context of the current process along with other vulnerabilities...
Intel Connman Information Disclosure Vulnerability (CNVD-2022-09128)
Connman is a connection manager. a security vulnerability exists in Connman's DNS proxy, which stems from the fact that the TCP server reply implementation has an infinite loop. No details of the vulnerability are currently available...
Sensio Labs Twig Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
Siemens Simcenter Femap内存破坏漏洞
Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap suffers from a memory corruption vulnerability that can...
Siemens Simcenter Femap Out-of-Bounds Writing Vulnerability (CNVD-2022-10008)
Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to an out-of-bounds write vulnerability...
Palo Alto Networks Cortex XDR Code Issue Vulnerability
Palo Alto Networks Cortex XDR is a security operations platform for remote endpoint-based detection from Palo Alto Networks Malaysia. A code issue vulnerability exists in the Palo Alto Networks Cortex XDR agent that can be exploited by an attacker to execute a live endpoint session used by a loca...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09144)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete da...
Oracle MySQL Buffer Overflow Vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. MySQL Server suffers from a buffer overflow vulnerability that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete data...
SPIP Cross-site Request Forgery Vulnerability (CNVD-2022-08190)
SPIP is a Web-based content publishing system. A cross-site request forgery vulnerability exists in SPIP, which stems from a Web application that does not adequately validate that requests are coming from trusted users. An attacker could use this vulnerability to send unintended requests to the...
Google Chrome Security Feature Issue Vulnerability (CNVD-2022-15135)
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a security feature that could be exploited by attackers to bypass navigation restrictions via carefully designed HTML pages...
Adobe Acrobat Reader Dc Input Validation Error Vulnerability
Adobe Acrobat Reader Dc is a Pdf reading tool from the American company Adobe. It is used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc suffers from an input validation error vulnerability, which stems from inadequate validation of user-supplied input. A remote...
Adobe Acrobat Reader Dc Buffer Overflow Vulnerability (CNVD-2022-11149)
Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe. Adobe Acrobat Reader Dc suffers from a buffer overflow vulnerability that originates from a boundary error when handling untrusted input. A remote attacker could exploit the vulnerability by creating a specially crafted PDF file, tricking...
Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18211)
MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...
SourceCodester Online Leave Management System SQL注入漏洞
SourceCodester Online Leave Management System is an online leave management system. v1 of SourceCodester Online Leave Management System is vulnerable to SQL injection. system/classes/Login.php parameter lacks effective filtering and escaping, which can be exploited to execute arbitrary SQL comman...
pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07497)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore has a cross-site scripting...