Emby Windows Cross-Site Scripting Vulnerability
Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. Emby Windows suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17023)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2025-20066)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...
Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2025-20061)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security vulnerability exists in several Mozilla products that originates...
Code Execution Vulnerabilities in Multiple Mozilla Products (CNVD-2025-20065)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...
WordPress Nginx Cache Purge Preload plugin code injection vulnerability
WordPress Nginx Cache Purge Preload plugin is a plugin for optimizing the loading speed of your website. The WordPress Nginx Cache Purge Preload plugin suffers from a code injection vulnerability that stems from insufficient sanitization of the HTTPREFERERER parameter in the nppppreloadcacheonupdate...
WordPress Shortcodes Ultimate plugin cross-site scripting vulnerability
WordPress Shortcodes Ultimate plugin is a plugin for WordPress that provides a rich set of visual component features that allow users to insert a wide range of pre-defined shortcodes such as buttons, accordions, image rotations, etc. into post editors, text widgets, or template files, helping to...
WordPress Latest Post Accordian Slider plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Latest Post Accordian Slider plugin, which stems from a lack of nonce validation on the lpaccordian...
WordPress Like & Share My Site plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Like & Share My Site plugin, which arises from a web application that does not adequately validate whether a...
WordPress Orion Login with SMS plugin authentication bypass vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An authentication bypass vulnerability exists in the WordPress Orion Login with SMS plugin, which stems from an insufficiently strong OTP value for the olwshandleverifyphone...
Lantronix Provisioning Manager XML External Entity Injection Vulnerability
Lantronix Provisioning Manager is a software for gateway configuration and firmware updates from Lantronix USA. Lantronix Provisioning Manager suffers from an XML External Entity Injection vulnerability that arises from a network system or product that does not have the correct filters set to all...
Dell AppSync File Upload Vulnerability
Dell AppSync is a data replication management application from Dell USA. A file upload vulnerability exists in Dell AppSync version 4.6.0.0, which stems from the application's lack of effective validation of uploaded files. The vulnerability can be exploited to remotely execute arbitrary code by...
MB CONNECT LINE mbNET.mini OS Command Injection Vulnerability (CNVD-2025-21144)
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from an operating system command injection vulnerability that stems from improper...
MB CONNECT LINE mbNET.mini Cross-Site Scripting Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A cross-site scripting vulnerability exists in MB CONNECT LINE mbNET.mini, which stems from improper neutralization of...
MB CONNECT LINE mbNET.mini Buffer Overflow Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from a buffer overflow vulnerability that originates from a boundary error when the applicatio...
MB CONNECT LINE mbNET.mini Resource Management Error Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from a resource management error vulnerability that originates from exhausting critic...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17027)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...
Tenda AC6 Buffer Overflow Vulnerability
Tenda AC6 is a dual-band wireless router that supports IPv4 and IPv6 protocols and is designed for home network environments. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the failure of the httpd component function setparentcontrolinfo to correctly validate the length of t...
Tenda FH451 formSafeClientFilter Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length of the input data in the parameter Go/page in file /goform/SafeClientFilter, which can be exploited...
Complaint Management System complaint-search.php file cross-site scripting vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Search in the file /admin/complaint-search.php, which can...
Apartment Visitors Management System pass-details.php file cross-site scripting vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter visname in the file...
WordPress Gutentor plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Gutentor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
GNU Binutils copy_section function buffer overflow vulnerability
GNU Binutils is a set of open source tools for working with binary files such as object files, executables, libraries, etc., mainly used in the areas of compilation, debugging, reverse engineering and so on. A buffer overflow vulnerability exists in GNU Binutils, which stems from the failure of t...
NVIDIA Container Toolkit Backlink Vulnerability
NVIDIA Container Toolkit is a container toolkit introduced by NVIDIA for directly invoking GPU resources in containers, solving the problems of complex device access and insufficient resource isolation faced by traditional containerized GPU computing. NVIDIA Container Toolkit suffers from a...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17266)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the nomecar parameter of the personalizacaoselecao.php endpoint, for which no detailed vulnerability details are...
Microsoft Azure Machine Learning Elevation of Privilege Vulnerability
Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
WordPress Qwizcards plugin cross-site scripting vulnerability
WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz question-and-answer tests and flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress bSecure plugin elevation of privilege vulnerability
WordPress bSecure plugin is a plugin used to enhance the security of the website, mainly for the payment page of GiveWP to provide security features. An elevation of privilege vulnerability exists in the WordPress bSecure plugin, which stems from a lack of authorization in the orderinfo REST...
Complaint Management System Cross-Site Request Forgery Vulnerability
Complaint Management System is a complaint management system. The Complaint Management System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could use this...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. A cross-site scripting vulnerability exists in Adobe Experience Manager, which can be...
GNU Binutils bfd_elf_set_group_contents function buffer overflow vulnerability
GNU Binutils is a set of open source tools for working with binaries such as object files, executables, libraries, etc., mainly used in the areas of compilation, debugging, reverse engineering and so on. A buffer overflow vulnerability exists in GNU Binutils, which stems from the failure of the...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-20064)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products, whic...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16829)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16825)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16831)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
D-Link DIR-513 formSetWanDhcpplus Function Buffer Overflow Vulnerability
D-Link DIR-513 is a portable wireless router that focuses on thin and light design and easy-to-use features, and supports IEEE 802.11n, 802.11g/b standards with a maximum transmission rate of 300Mbps. The D-Link DIR-513 suffers from a buffer overflow vulnerability that originates from a buffer...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16830)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16824)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16823)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing CGM files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16828)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16822)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing CGM files, which can be exploited by an attacker to execute code in the context of the current...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20076)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a file upload vulnerability that originates from allowing the upload of dangerous types of files, which can be exploited ...
IBM Engineering Systems Design Rhapsody Information Disclosure Vulnerability
IBM Engineering Systems Design Rhapsody is a model-driven development (MDD) environment for systems engineering and software development provided by IBM. An information disclosure vulnerability exists in IBM Engineering Systems Design Rhapsody, which arises from the transmission of sensitive...
Google Chrome Type Confusion Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a flaw in the V8 engine's handling of malicious HTML pages. An attacker can exploit the vulnerability to trigger heap corruption via specially crafted HTML...
SAMSUNG MagicINFO 9 Server Security Bypass Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A security bypass vulnerability exists in SAMSUNG MagicINFO 9 Server, which can be exploited by attackers to cause authentication bypass...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20077)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a file upload vulnerability that originates from allowing the upload of dangerous types of files, which can be exploited ...
Google Chrome Type Confusion Vulnerability (CNVD-2025-17112)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a flaw in the V8 engine's handling of malicious HTML pages. An attacker can exploit the vulnerability to trigger heap corruption via a specially crafted HTML...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16827)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16826)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current process...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20804)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...