PHP CGI Windows Remote Code Execution Vulnerability

Vulnerability description: PHP is a scripting language executed on the server side. There is a command execution vulnerability in PHP before 8.3.8. Due to the "Best Fit Mapping" feature of Windows, non-ASCII characters may be incorrectly mapped when processing query strings

Apache OFBiz Path Traversal Vulnerability

Vulnerability description: Apache OFBiz is a famous e-commerce platform, which provides a framework for creating a multi-tier, distributed e-commerce application system based on the latest J2EE/XML specifications and technical standards, and building large and medium-sized enterprise-level, cross-platform, cross-database, and cross-application servers

SQL injection vulnerability exists in ShowDoc<3.2.6

Vulnerability description: ShowDoc is an open source document management system developed based on ThinkPHP, which supports the use of Markdown syntax to write API documents, data dictionaries, online Excel documents and other functions. A SQL injection vulnerability exists in ShowDoc before 3.2.6

Spring Cloud Data Flow<2.11.3 has an arbitrary file write vulnerability

Vulnerability description: Spring Cloud Data Flow (SCDF) is a microservice-based toolkit used to build streaming and batch data processing pipelines in Cloud Foundry and Kubernetes. Spring Cloud Skipper, a core component in SCDF, is responsible for handling the application

MyBatis Plus<=3.5.6 has a SQL injection vulnerability

Vulnerability description: MyBatis Plus is an enhancement tool for MyBatis, which is used to simplify database development and improve development efficiency. In the affected version, because the UpdateWrapper class does not filter user-controlled parameters, there is a SQL injection vulnerability. An attacker can

Path traversal vulnerability exists in OpenAPI Generator Online<7.6.0

Vulnerability description: OpenAPI Generator Online is a code generator service based on the OpenAPI specification, which is designed to help developers generate client SDKs, server code, API documents, etc. In the affected version, because the Generator class is not controllable to the user

ZABBIX Server Audit Log SQL Injection Causes RCE

Vulnerability description: Zabbix is an open source network monitoring tool used to monitor the performance and availability of network services, servers and network devices. In the affected version, because the zbx_auditlog_global_script function in audit.c is not user controllable clientip

Cacti<=1.2.26 Remote Code Execution Vulnerability

Vulnerability description: Cacti is a PHP-based graphical analysis tool for network traffic monitoring. In the affected version, because the import_package function in the /lib/import.php file does not filter user-controlled template files, it has "Import Template"

Next.js<14.1.1 Server Actions SSRF vulnerability

Vulnerability description: Next.js is an open source web framework based on React in the Node.js ecosystem, which provides back-end development capability through the Server Actions function. In the affected version, when using the Server Actions server to try to execute redirection based on relative paths

FFmpeg<n7.0 Heap Overflow Vulnerability

Vulnerability description: FFmpeg is an open source multimedia framework that supports recording, conversion and stream processing of audio and video. The stereowiden filter is one of the audio filters, used to enhance the sense of space of stereo audio tracks. In the affected version, because libavfilter/af_s

Runc<1.2.0-rc.1 systemd attribute injection vulnerability

Vulnerability description: CRI-O is an open source lightweight container runtime environment for Kubernetes, and runc is a tool used in CRI-O to create and run containers. In the affected version of runc, because the Pod annotation is not effectively filtered, there is a Pod annotation creation attack

Apache HugeGraph Server<1.3.0 Gremlin Command Execution Vulnerability

Vulnerability description: Apache HugeGraph Server is an open source large-scale graph database management system. Gremlin is used to query and operate on data in the graph database. Since authentication is not enabled by default in versions 1.0.0 to 1.3.0, attackers can directly access RESTf

mysql2<3.9.7 code injection vulnerability

Vulnerability description: mysql2 is a high-performance Node.js library used to operate MySQL databases. It is compatible with the Node MySQL API, and provides precompiled statements, extended encoding and other functions. The affected version's readCodeFor function calls the readDateTimeString function

KkFileView 4.2.0-4.4.0 Remote Execution Vulnerability Caused by Arbitrary File Upload

Vulnerability description: kkFileView is an online preview solution for file documents built using Spring Boot, which supports online preview of mainstream office documents. A zip path traversal problem exists in the file upload function in kkFileView 4.2.0 to 4.4.0 beta versions, which allows attackers to

Node.js child_process.spawn Windows Command Injection Vulnerability

Vulnerability description: Node.js is a JavaScript runtime environment based on the Chrome V8 engine, which is used to build fast and extensible network applications. When the CreateProcess() function of Windows executes batch files (.bat, .cmd), even if

Jumpserver<3.10.7 Jinja2 injection remote code execution vulnerability

Vulnerability description: JumpServer is an open source bastion machine and operation and maintenance security audit system. In JumpServer before 3.10.7, attackers can use the Jinja2 template engine in Ansible by building a malicious playbook template, so that they can use root rights in the Celery container

Back door risk exists in XZ Utils 5.6.0-5.6.1

Vulnerability description: XZ Utils is a suite widely used to process .xz files in Linux, Unix and other POSIX-compatible systems, including liblzma, xz and other components, and has been integrated in Debian, Ubuntu, CentOS and other distribution repositories. Developer JiaT75 released in its GitHub repository

GeoServer file upload vulnerability

Vulnerability description: GeoServer is an open source software server written in Java, which allows users to share and edit geospatial data. There is an arbitrary file upload vulnerability in the affected version of GeoServer. Since it is not verified whether the file wrapper resource path entered by the user contains "

Spring Security AuthenticatedVoter Method Improper Verification Vulnerability

Vulnerability description: Spring Security is an authentication and access control framework for Spring-based applications. Spring Security does not check null values when processing Authentication parameters. When an application directly uses the AuthenticatedVoter#vote method, it transmits
