
77 matches found

CNVD, added 2026/03/19 12:00 a.m., 1 view

AnythingLLM SQL Injection Vulnerability

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM has a SQL injection vulnerability that stems from a lack of validation of externally supplied SQL statements in the tablename parameter of the getTableSchemaSql method in the built-in SQL proxy plug-in. An attacker can use...

CVSS 8.8, AI score 6.2, EPSS 0.00045
Exploits: 1

CNVD, added 2025/12/15 12:00 a.m., 2 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013046)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager has a DOM-based cross-site scripting vulnerability, for which no detailed vulnerability details have been provided...

CVSS 9.3, AI score 6.4, EPSS 0.00452
Exploits: 0, References: 1

CNVD, added 2025/11/14 12:00 a.m., 3 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28668)

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

CVSS 6.1, AI score 6.8, EPSS 0.00054
Exploits: 0, References: 1

CNVD, added 2025/11/12 12:00 a.m., 1 view

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29177)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 5.5, AI score 6.5, EPSS 0.00011
Exploits: 0, References: 1

CNVD, added 2025/11/05 12:00 a.m., 3 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29073)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from a lack of graceful err...

CVSS 10, AI score 6.8, EPSS 0.00073
Exploits: 0, References: 1

CNVD, added 2025/10/13 12:00 a.m., 1 view

Beauty Parlour Management System customer-list.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/customer-list.php. An attacker can...

CVSS 9.8, AI score 8.3, EPSS 0.00043
Exploits: 1, References: 1

CNVD, added 2025/09/08 12:00 a.m., 3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21119)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/cycle endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...

CVSS 5.4, AI score 6.3, EPSS 0.0004
Exploits: 0, References: 1

CNVD, added 2025/08/20 12:00 a.m., 2 views

Beauty Parlour Management System book-appointment.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...

CVSS 9.8, AI score 8.2, EPSS 0.00064
Exploits: 0, References: 1

CNVD, added 2025/08/01 12:00 a.m., 1 view

Unspecified Vulnerability in Apple iOS/iPadOS (CNVD-2025-17891)

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...

CVSS 5.3, AI score 6.7, EPSS 0.00259
Exploits: 0, References: 1

CNVD, added 2025/07/25 12:00 a.m., 2 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17263)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the idatendidofamiliares parameter of the /html/funcionario/dependenteeditarDoc.php endpoint. An attacker could exploit...

CVSS 9.4, AI score 8.2, EPSS 0.0025
Exploits: 1, References: 1

CNVD, added 2025/07/23 12:00 a.m., 1 view

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16732)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

CVSS 7.8, AI score 7.8, EPSS 0.00185
Exploits: 0, References: 1

CNVD, added 2025/07/21 12:00 a.m., 1 view

Adobe Framemaker heap buffer overflow vulnerability (CNVD-2025-16397)

Adobe Framemaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. Adobe Framemaker suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute...

CVSS 7.8, AI score 8.1, EPSS 0.00115
Exploits: 0, References: 1

CNVD, added 2025/07/18 12:00 a.m., 1 view

Apache Tomcat Input Validation Error Vulnerability (CNVD-2025-16617)

Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States, used to implement support for Servlet and JavaServer Page (JSP). An input validation error vulnerability exists in Apache Tomcat, which stems from an integer overflow, and can be exploited by an...

CVSS 7.5, AI score 6.8, EPSS 0.00683
Exploits: 0, References: 1

CNVD, added 2024/07/31 12:00 a.m., 2 views

Simopro Technology WinMatrix3 SQL Injection Vulnerability (CNVD-2025-20312)

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from a lack of proper validation of user...

CVSS 9.8, AI score 8.1, EPSS 0.00789
Exploits: 0, References: 1

CNVD, added 2021/01/13 12:00 a.m., 1 view

Unspecified vulnerability in JT2Go and Teamcenter Visualization (CNVD-2021-02575)

JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with existing JT, VFZ, CGM, TIF data. Teamcenter visualization software enables companies to enhance their Product Lifecycle Management (PLM) environments. The software gives business users access to documents in a...

CVSS 8.8, AI score 7.2, EPSS 0.01071
Exploits: 0, References: 1

CNVD, added 2020/11/13 12:00 a.m., 1 view

SQL Injection Vulnerability in Incu Online Education System (CNVD-2020-67117)

Incu Online Education System is the Java version of an open source system for building online schools from source code. A SQL injection vulnerability exists in Incu Online Education System. Attackers can use the vulnerability to obtain sensitive information in the database...

AI score 7.9
Exploits: 0

CNVD, added 2020/10/18 12:00 a.m., 1 view

SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59314)

ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.6
Exploits: 0

CNVD, added 2020/09/15 12:00 a.m., 2 views

vtenext cross-site scripting vulnerability

vtenext is a unique open source CRM + BPM solution for comprehensive management of leads, contacts and customers. A cross-site scripting vulnerability exists in the Messaging module of vtenext version 19 CE. The vulnerability can be exploited to inject arbitrary JavaScript code via the "From" fie...

CVSS 6.1, AI score 6.4, EPSS 0.00509
Exploits: 3, References: 1

CNVD, added 2020/08/14 12:00 a.m., 1 view

Artifex Software Ghostscript Buffer Overflow Vulnerability (CNVD-2020-46244)

Artifex Software Ghostscript is an open source parser for Postscript (a page description language and programming language used in the electronics industry and desktop publishing) from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

CVSS 5.5, AI score 8.1, EPSS 0.01091
Exploits: 1, References: 1

CNVD, added 2020/08/14 12:00 a.m., 3 views

GitLab code issue vulnerability (CNVD-2020-46484)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...

CVSS 7.1, AI score 6.7, EPSS 0.0011
Exploits: 0, References: 1