225 matches found
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-30927)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Microsoft Word Code Execution Vulnerability (CNVD-2025-30663)
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30654)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...
Google Android elevation of privilege vulnerability (CNVD-2025-3067712)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause an elevation of physical privileges...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976458)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30132)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30131)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924158)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
D-Link DIR-823G Command Injection Vulnerability (CNVD-2025-30949)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...
ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29922)
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...
ZOHO ManageEngine OpManager Cross-Site Scripting Vulnerability (CNVD-2025-29925)
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ZOHO ManageEngine OpManager, no detailed vulnerability details are available at this time...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29962)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Intel CIP Improper Access Control Vulnerability (CNVD-2025-28482)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...
Adobe InDesign Desktop Heap Buffer Overflow Vulnerability (CNVD-2025-28657)
Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28643)
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...