131102 matches found
Persistent Systems Radia Client Automation Code Injection Vulnerability
Persistent Systems Radia Client Automation RCA is a solution based on enterprise client design. The solution allows users to automate the management of physical or virtual clients. A security vulnerability exists in the radexecd.exe file of Persistent Systems RCA. A remote attacker can exploit th...
Apache Spark Deserialization Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
Vercel Next.js Privilege Bypass Vulnerability
Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...
Google Chrome Code Execution Vulnerability (CNVD-2025-00209)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2024-20434)
Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be achieved from the...
Unspecified Vulnerability in Adobe Commerce (CNVD-2024-19007)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security vulnerability exists in Adobe Commerce that can be exploited by an attacker with elevated privileges to potentially abuse the vulnerability t...
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...
IBM Cloud Pak for Business Automation Access Control Error Vulnerability (CNVD-2024-16917)
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. An access control error vulnerability exists in IBM Cloud Pak for Business...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2024-15727)
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3, which stems from the...
Apache Airflow Trust Management Issues Vulnerability (CNVD-2024-13571)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from a trust management issue vulnerability that stems from...
Siemens SINEMA Remote Connect Server Access Control Error Vulnerability (CNVD-2024-13805)
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An Access Control Error vulnerability exists in Siemens SINEMA Remote Connect Server versions prior t...
Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2024-07816)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to gain elevated privileges on the system...
Google Chrome Security Bypass Vulnerability (CNVD-2024-10262)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions, which stems from an insufficient policy enforcement issue in the DevTools module. An attacker can exploit this vulnerability to bypa...
Denial of Service Vulnerability in Multiple Mozilla Products
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A denia...
Tenda A15 deviceList Parameter Buffer Overflow Vulnerability
Tenda A15 is a WiFi extender from Tenda China. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the deviceList parameter of the /goform/setBlackRule file failing to correctly validate the length of the input data, and can be exploited by a remote...
Microsoft Message Queuing Denial of Service Vulnerability (CNVD-2024-04948)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A denial of service vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to cause a denial of service on a system...
Microsoft Win32k Elevation of Privilege Vulnerability (CNVD-2024-11165)
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32k. An attacker could exploit this vulnerability to gain elevated privileges on the system...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is a content management system CMS written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...
IBM i License Issues Vulnerabilities
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. An authorization issue vulnerability exists in IBM i Access Client Solutions that stems from improper privilege checking and can be exploited by an attacker to execute...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-10148200)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
LibreOffice License Issues Vulnerabilities
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. LibreOffice suffers from an authorization issue vulnerability that stems from insufficient validation...
Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96092)
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...
Unchecked Return Value Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
Google Android elevation of privilege vulnerability (CNVD-2023-96074)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
IBM Security Verify Access Resource Management Error Vulnerability
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
Cisco IOS XE Software web UI elevation of privilege vulnerability
Cisco IOS XE is an operating system developed by Cisco for its network devices.Web UI is a feature of IOS XE software designed to simplify the deployment, management process, and enhance the user experience. The Cisco IOS XE Software web UI elevation of privilege vulnerability can be exploited by...
Microsoft Message Queuing Remote Code Execution Vulnerability (CNVD-2023-84130)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A remote code execution vulnerability exists in Microsoft Message Queuing, which could be exploited by an attacker to execute arbitrary code on a system...
Huawei HarmonyOS and EMUI Security Bypass Vulnerability (CNVD-2023-84322)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security bypass vulnerability exists in Huawei...
DedeBIZ Code Execution Vulnerability
DedeBIZ is a content management system from China Muyun Intelligent Technology DedeBIZ company. A code execution vulnerability exists in DedeBIZ version v6.2.11, which stems from the $activepath and $filename parameters in /admin/filemanagecontrol.php failing to correctly filter the special...
Microsoft Office Spoofing Vulnerability (CNVD-2024-02719)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office has a spoofing vulnerability that can be exploited by attackers to conduct spoofing...
Linux kernel conditional contention vulnerability (CNVD-2023-71721)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a conditional contention vulnerability, which arises from a KVM in the Linux kernel with Secure Encrypted Virtualization SEV AMD processor...
Google Chrome Type Obfuscation Vulnerability (CNVD-2023-65154)
Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from the presence of type obfuscation in V8, and can be exploited by remote attackers to cause the browser to shut down via a...
Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2023-64450)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. Fortinet FortiOS suffers from a...
Microsoft Azure Arc Elevation of Privilege Vulnerability
Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. A privilege full vulnerability exists in Microsoft Azure Arc. An attacker can exploit this vulnerability to gain elevated privileges on the system...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2023-64866)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...
Adobe Acrobat Reader post-release reuse vulnerability (CNVD-2023-71754)
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a post-release reuse vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current...
Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-65166)
Adobe Dimension is a 3D design tool that is very easy for designers to use while providing high quality visuals. To create realistic objects, Adobe Dimension uses materials defined in the NVidia Material Design Language. A heap buffer overflow vulnerability exists in Adobe Dimension. The...
Apache Jackrabbit Code Execution Vulnerability
Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...
Authentication Bypass Vulnerability in DSL-224 Version 3.0.10 of AUO Electronic Devices (Shanghai) Co.
AUO Electronic Devices Shanghai Co. DSL-224 is a wireless router from China's AUO D-Link. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-100304)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Siemens SIMATIC WinCC using obsolete function vulnerability
SIMATIC NET PC software is a separately sold software product that implements the SIMATIC NET communication products.SIMATIC PCS 7 is a centralized control system DCS that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route control, OpenPCS 7 and other components.SIMATIC WinCC is a Supervisory...
Tenda AC8 deviceId parameter buffer overflow vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC8 deviceId parameter, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause a denial of service...
Apache RocketMQ Command Execution Vulnerability
Apache RocketMQ is the United States Apache Apache Foundation of a lightweight data processing platform and messaging engine. A command execution vulnerability exists in Apache RocketMQ 5.1.0 and prior versions, which stems from an application failing to properly filter special elements of...
Cisco DNA Center Command Execution Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. A command execution vulnerability exists in Cisco DNA Center Software. The vulnerability stems from the application's inadequate validation of user-supplied input in API request parameters and can be exploited by ...
Google Android elevation of privilege vulnerability (CNVD-2023-41879)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in efirtasmwrapper of the efi-rt wrapper.S, which can be exploited by an attacker to elevate privileges...
Google Chrome Autofill UI Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the Autofill UI instruction responsible for freeing memory. An attacker could use this vulnerability to...
Google Chrome Guest View Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 113.0.5672.126, which stems from a mix-up in the instruction responsible for freeing memory in Guest View. An attacker could use this vulnerability to...
Google Chrome on ChromeOS Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome on ChromeOS. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system...