5834 matches found
ZTE GoldenDB SQL Injection Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a SQL injection vulnerability that originates...
Tenda AC15 Buffer Overflow Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 15.03.05.19 and earlier versions suffer from a buffer overflow vulnerability, which originates from the mac parameter of the function fromSetWirelessRepeat in the file /goform/WifiExtraSet failing to correctly validate...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 8 security fixes: 409911705 High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 409342999 Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 404000989 Medium...
Google Chrome < 136.0.7103.48 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 136.0.7103.48. It is, therefore, affected by multiple vulnerabilities as referenced in the 202504stable-channel-update-for-desktop29 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...
Google Chrome < 136.0.7103.48 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 136.0.7103.48. It is, therefore, affected by multiple vulnerabilities as referenced in the 202504stable-channel-update-for-desktop29 advisory. - Inappropriate implementation in DevTools in Google Chrome prior to...
Google Chrome OS Out-of-Bounds Read Vulnerability
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds read vulnerability that stems from a lack of proper validation of user-supplied data in ipsetbitmapip.c, which can be exploited by an attacker to cause memory...
Tenda AC10 wanSpeed2 Parameter Buffer Overflow Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability that stems from the wanSpeed2 parameter in AdvSetMacMtuWan failing to correctly validate the length and size of the input data, which can be exploited by an attacker to...
CVE-2025-1050
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of...
CVE-2025-1049
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21436)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21435)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21433)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21432)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21430)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21429)
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...
The vulnerability of the NFSD component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the NFSD component in the Linux operating system’s kernel is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-3289
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...
CVE-2025-3288
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...
CVE-2025-2829
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...
The vulnerability of the data.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the data.c component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...