IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16734)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17058)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17061)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current process...

IrfanView CADImage Plugin Information Disclosure Vulnerability

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17057)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17034)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing CGM files, which can be exploited by an attacker to execute code in the context of the current process...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17042)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...

WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes SQL Injection Vulnerability

WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes is a plugin for bulk editing of WooCommerce product information, prices and attributes with support for Simple, Variant, External and Bundled products. WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes...

Netgear D6400 Remote Command Execution Vulnerability

The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17055)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16730)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16835)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-16542)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Microsoft Excel Resource Management Error Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker exploiting this vulnerability could remotely execute code...

Microsoft Excel Buffer Overflow Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker exploiting this vulnerability could gain access to sensitive information...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2025-16777)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability. An attacker can exploit the vulnerability to elevate privileges...

E-Commerce Site Arbitrary File Upload Vulnerability

E-Commerce Site is an e-commerce site. E-Commerce Site suffers from an arbitrary file upload vulnerability that stems from improper manipulation of the parameter photo in the file /admin/usersphoto.php, no details of the vulnerability are available at this time...

Google Chrome Resource Management Error Vulnerability (CNVD-2025-16954)

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 138.0.7204.157, which stems from the presence of post-release reuse in WebRTC, which could lead to heap corruption. A remote attacker can exploit the vulnerability b...

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2025-16393)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-16387)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Microsoft Windows Resource Management Error Vulnerability (CNVD-2025-16951)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability. The vulnerability can be exploited by an attacker to gain elevated privileges...

Library System approve.php File SQL Injection Vulnerability

Library System is a library system. Library System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /approve.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

Job Diary view-emp.php File SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /view-emp.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

Mobile Shop login.php file SQL Injection Vulnerability

Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /login.php. The vulnerability can be exploited by an attacker to execute illegal SQL commands to...

Library System add-student.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter Username in the file /add-student.php for externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

Hospital Management System view-medhistory.php File SQL Injection Vulnerability

Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter viewid in the file view-medhistory.php. An attack...

Voting System voters_row.php file SQL Injection Vulnerability

Voting System is an election system. Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for parameter ID in file /admin/votersrow.php. An attacker can exploit this vulnerability to execute illegal SQL commands ...

Crime Reporting System registration.php File SQL Injection Vulnerability

Crime Reporting System is a crime reporting system. Crime Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Name in the file /registration.php. An attacker can exploit this vulnerability to...

Zoo Management System /admin/add-animals.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cnum in the file /admin/add-animals.php. An attacker can exploit this vulnerability ...

WeGIA SQL Injection Vulnerability (CNVD-2025-17285)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /WeGIA/html/socio/sistema/processadeletarsocio.php endpoint. An attacker could exploit this vulnerability to...

Chat System send_message.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter msg in the file /user/sendmessage.php. An attacker can exploit this vulnerability to execute illegal SQL commands...

Online Fire Reporting System assigned-requests.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/assigned-requests.php. An...

Chat System fetch_chat.php file SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetchchat.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

Microsoft Brokering File System Resource Management Error Vulnerability (CNVD-2025-16872)

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

Online Library Management System /admin/student-history.php File SQL Injection Vulnerability

Online Library Management System is an online library management system. A SQL injection vulnerability exists in Online Library Management System, which originates from the lack of validation of externally-entered SQL statements in the parameter stdid in the file /admin/student-history.php. An...

Adobe ColdFusion XXE Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from an XXE vulnerability that can be exploited by attackers to cause a securi...

GPT-SoVITS-WebUI open_asr function command injection vulnerability

GPT-SoVITS-WebUI is a TTS training model. A command injection vulnerability exists in the GPT-SoVITS-WebUI openasr function. An attacker can exploit this vulnerability to execute arbitrary commands on the system...

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2025-16392)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An out-of-bounds write vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to execut...

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2025-16384)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. A cross-site scripting vulnerability exists in Adobe ColdFusion, which is caused by improper validation...

Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2025-16402)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A buffer overflow vulnerability exists in Adobe Illustrator that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Illustrator Numeric Error Vulnerability (CNVD-2025-16549)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A numeric error vulnerability exists in Adobe Illustrator that originates from an integer underflow and can be exploited by an attacker to cause arbitrary code to be executed...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2025-16778)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability. An attacker can exploit the vulnerability to elevate privileges...

Adobe Illustrator Stack Buffer Overflow Vulnerability (CNVD-2025-16547)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A stack buffer overflow vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

Microsoft Office Code Execution Vulnerability (CNVD-2025-16688)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which is caused due to improper boundary checkin...

Simple Shopping Cart register.php File SQL Injection Vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ruseremail in the file /register.php. The vulnerability can be exploited by an...

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2025-16379)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. A cross-site scripting vulnerability exists in Adobe ColdFusion, which is caused by improper validation...

Adobe Dimension out-of-bounds write vulnerability (CNVD-2025-16386)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Unspecified Vulnerability in Oracle Java SE (CNVD-2025-24094)

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. Oracle Java SE has a security vulnerability that can be exploited by attackers to cause a system takeover...

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability

Cisco Unified Intelligence Center is a web-based reporting platform from Cisco that consolidates contact center data and provides visual reporting capabilities. An arbitrary file upload vulnerability exists in the Cisco Unified Intelligence Center web interface, which stems from a lack of file...

Adobe Substance 3D Designer Out-of-Bounds Read Vulnerability (CNVD-2025-16541)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...