Adobe InDesign Desktop stack buffer overflow vulnerability (CNVD-2026-24184)
Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...
Huawei HarmonyOS browser kernel denial-of-service vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei. It primarily offers seamless collaboration across devices, intelligent experiences in various scenarios, and security features. Huawei HarmonyOS has a denial-of-service vulnerability. This vulnerability stems fr...
Huawei HarmonyOS package management access control error vulnerability
Huawei HarmonyOS is a distributed operating system developed by Huawei Corporation. It is designed for comprehensive scenarios and primarily offers features such as cross-device collaboration, security protection, and intelligent services. There is an access control vulnerability in the package...
Microsoft Windows DNS Permission Elevation Vulnerability (CNVD-2026-24189)
Microsoft Windows DNS is a domain name resolution service provided by Microsoft Corporation in the United States. The Domain Name System (DNS) is one of the industry-standard protocols that make up the TCP/IP suite. Both DNS clients and DNS servers work together to provide name resolution services,...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24188)
Adobe InDesign Desktop is a professional desktop publishing and page layout design software. Adobe InDesign Desktop has a heap buffer overflow vulnerability. This vulnerability arises because the program fails to properly handle data in malicious files. Attackers can exploit this vulnerability by...
Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24183)
Adobe InDesign Desktop is a professional desktop publishing and design software, primarily used for page layout, graphic design, and publishing in print and digital media. There is a security vulnerability in Adobe InDesign Desktop. This vulnerability stems from an improper validation of the read...
Huawei HarmonyOS Access Control Vulnerability (CNVD-2026-23807)
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless experiences across devices and memory management capabilities. There is an access control vulnerability in the package management module of Huawei HarmonyOS. The cause of this...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24185)
Adobe InDesign Desktop is a professional desktop publishing software, primarily used for page design, printing, and digital publishing. Adobe InDesign Desktop has a heap buffer overflow vulnerability, which stems from improper handling of certain file data, leading to out-of-bound writes to the...
Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2026-24186)
Adobe InDesign Desktop is a professional desktop publishing and typesetting design software, primarily used for creating print and digital publications. There is a security vulnerability in Adobe InDesign Desktop, which stems from improper handling of data writing boundaries. Attackers can exploi...
Adobe InCopy buffer overflow vulnerability (CNVD-2026-24182)
Adobe InCopy is a professional text editing and typesetting software, primarily used for creating and editing content in collaboration with Adobe InDesign. Adobe InCopy has a security vulnerability that stems from improper handling of malicious files, leading to out-of-bound memory writes...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24187)
Adobe InDesign Desktop is a professional desktop publishing application, primarily used for page layout design in print and digital media. Adobe InDesign Desktop has a buffer overflow vulnerability that stems from improper handling of malicious files during user interactions. Attackers can exploi...
The WordPress plugin WPForms has an unknown vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...
The WordPress plugin Events for GeoDirectory has an unknown vulnerability.
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in the Events Calendar...
WordPress plugin WPMobi has a cross-site request forgery vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...
WordPress plugin WP Meta Sort Posts cross-site request forgery vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP Meta Sort Posts plugin has a cross-site request...
WordPress plugin WP-Ultimate-Map has a cross-site request forgery vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...
WordPress Plugin Custom Block Builder Cross-Site Scripting Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...
The WordPress plugin 6Storage Rentals has an unknown vulnerability.
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...
WordPress plugin WP GDPR Cookie Consent cross-site scripting vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...
WordPress plugin WP Emoticon Rating cross-site request forgery vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...
WordPress Plugin Recover Exit For WooCommerce file contains a vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance functionality of the platform. The "Recover Exit For WooCommerce"...
Apache HTTP Server memory error reference vulnerability
The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. The Apache HTTP Server has a memory corruption vulnerability. Attackers can exploit this...
Apache HTTP Server memory allocation overflow vulnerability
The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server features speed, reliability, and the ability to be expanded through simple APIs. There is a vulnerability in Apache HTTP Server where excessive memory allocation exists;...
Apache HTTP Server infinite loop vulnerability
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...
Apache HTTP Server buffer overflow vulnerability (CNVD-2026-23635)
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a buffer overflow vulnerability present in Apache HTTP Server, but detailed informatio...
Microsoft Azure HorizonDB authentication bypass vulnerability
Microsoft Azure HorizonDB is a cloud-native PostgreSQL database service provided by Microsoft Corporation. There is a security vulnerability in Microsoft Azure HorizonDB, which stems from bypassing authentication through deception. This could allow unauthorized attackers to escalate their...
GPAC Denial-of-Service Vulnerability (CNVD-2026-23411)
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained a denial-of-service vulnerability. This vulnerability stemmed from a segmentation violation in the gfisomapplesettagex function. Attackers could exploit this vulnerability to cause a denial ...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23390)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Downloads component, where memory objects were not properly handled during user interactions...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23387)
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from insufficient validation of memory usage after the Mojo component was released. Attackers could...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23388)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from the Extensions component being reused after being released. Attackers could exploit this vulnerability to execute arbitrary...
Zyxel VMG4005-B50B buffer overflow vulnerability
Zyxel VMG4005-B50B is a network device firmware designed for managing the network functions and configurations of Zyxel VMG4005-B50B router devices. There is a buffer overflow vulnerability present in Zyxel VMG4005-B50B. This vulnerability stems from the UPnP DeletePortMapping command failing to...
Google Chrome buffer overflow vulnerability (CNVD-2026-23391)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bound read from the GPU component. Attackers could exploit this vulnerability to obtain sensitive information from the...
Google Chrome Input Validation Vulnerability (CNVD-2026-23389)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation errors, which stemmed from insufficient validation processing by the DataTransfer component for untrusted inputs. Attackers could exploit...
IBM WebSphere Application Server security control bypass vulnerability
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...
IBM WebSphere Application Server identity spoofing vulnerability
IBM WebSphere Application Server is a Java enterprise application server developed by IBM. It is primarily used for deploying and managing enterprise-level web applications. IBM WebSphere Application Server has a vulnerability known as “Identity Spoofing.” This vulnerability arises from the failu...
IBM WebSphere Application Server code issue vulnerability (CNVD-2026-23396)
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...
Google Chrome ANGLE Memory Error Reference Vulnerability (CNVD-2026-23395)
Google Chrome is a web browser developed by Google, primarily used for accessing the internet and running web applications. A vulnerability exists in Google Chrome related to memory references. This vulnerability stems from issues with memory references, and attackers can exploit it to achieve...
Google Chrome Bluetooth module memory error reference vulnerability
Google Chrome is a cross-platform web browser developed by Google. It primarily provides features for web browsing, extension support, and tab management. Google Chrome has a memory error reference vulnerability, which stems from improper management of object lifetimes by the Bluetooth module,...
Google Chrome ANGLE component out-of-bounds write vulnerability (CNVD-2026-23393)
Google Chrome is a cross-platform web browser developed by Google. Google Chrome’s ANGLE component has an out-of-bounds write vulnerability. This vulnerability stems from improper boundary checking during the processing of HTML pages in versions prior to 148.0.7778.216. Attackers can exploit...
Google Chrome WebXR memory error reference vulnerability (CNVD-2026-23392)
Google Chrome is a web browser developed by Google. It supports multi-platform use and emphasizes security and performance. Google Chrome has a memory error reference vulnerability. This vulnerability stems from the WebXR component’s failure to properly handle object lifecycle, resulting in memor...
IBM Db2 range partitioned tables denial-of-service vulnerability (CNVD-2026-23402)
IBM Db2 is a relational database management system developed by IBM. It is primarily used for data storage, querying, and analysis. IBM Db2 has a denial-of-service vulnerability that arises from improper handling of specially crafted queries involving range partition tables during execution...
ZTE ZXUniPOS NDS-LTE access control vulnerability
ZTE ZXUniPOS NDS-LTE is a modular baseband unit designed for wireless communication networks. It primarily provides multi-mode and multi-frequency signal processing as well as data aggregation functions. ZTE ZXUniPOS NDS-LTE has an access control vulnerability. This vulnerability arises from the...
IBM OpenBMC Denial-of-Service Vulnerability
IBM OpenBMC is open-source baseboard management controller firmware, primarily used for server hardware monitoring and management. IBM OpenBMC has a denial-of-service vulnerability. The vulnerability arises from the failure to properly validate requests from unauthenticated network users. Attackers...
IBM Db2 Denial-of-Service Vulnerability (CNVD-2026-23403)
IBM Db2 is a relational database management system, primarily used for data storage, querying, and management. IBM Db2 has a denial-of-service vulnerability. This vulnerability arises from improper handling of specially crafted heap queries. Attackers can exploit this vulnerability to cause the...
IBM Aspera HSTS for CP4I authentication bypass vulnerability
IBM Aspera HSTS for CP4I is a solution for high-speed and secure file transfer, primarily providing features for large-scale data transmission, encryption, and automated workflows. IBM Aspera HSTS for CP4I has an authentication bypass vulnerability. This vulnerability arises due to the authenticati...
IBM Langflow OSS file processing component path traversal vulnerability
IBM Langflow OSS is an open-source low-code tool primarily used for building and deploying applications based on Large Language Models (LLMs). IBM Langflow OSS has a path traversal vulnerability. This vulnerability stems from the failure to properly validate symbolic links during the decompression ...
ZTE MU5250 Access Control Vulnerability
The ZTE MU5250 is a 5G mobile Wi-Fi device produced by ZTE Corporation. The ZTE MU5250 has a vulnerability related to access control. This vulnerability stems from improper configuration of the access control mechanism. Attackers can exploit this vulnerability to obtain information without proper...
Zyxel WRE6505 operating system command injection vulnerability
The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 has an operating system command injection vulnerability. This vulnerability arises from the CGI program’s failure to properly filter special characters and commands constructed in...
Siemens RUGGEDCOM operating system command injection vulnerability
Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...
BloofoxCMS Cross-Site Request Forgery Vulnerability
BloofoxCMS is a PHP-based text content management system. bloofoxCMS version 0.5.2.1 has a cross-site request forgery vulnerability. This vulnerability arises from the web application not properly verifying whether the request comes from a trusted user. Attackers can exploit this vulnerabili...