Microsoft SharePoint Remote Code Execution Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...

Microsoft Office Code Execution Vulnerability (CNVD-2025-16689)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2025-16687)

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A spoofing vulnerability exists in...

Microsoft PowerPoint Code Execution Vulnerability

Microsoft PowerPoint is a document presentation tool in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft PowerPoint, which can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...

Microsoft Office 365 Encryption Issue Vulnerability

Microsoft Office 365 is an office software suite product from the American company Microsoft Microsoft. Common components of this product include Word, Excel, Access, Powerpoint, FrontPage, etc. A security vulnerability exists in Microsoft Office 365. An attacker exploiting the vulnerability can...

Microsoft Input Method Editor Buffer Overflow Vulnerability

Microsoft Input Method Editor IME is a software component from Microsoft Corporation that enables users to enter text in languages that cannot be easily represented on a standard QWERTY keyboard. A security vulnerability exists in Microsoft Input Method Editor IME. An attacker could exploit the...

Microsoft Brokering File System Code Issue Vulnerability

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

WeGIA Open Redirect Vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from an open redirection vulnerability that stems from the control.php endpoint not handling target jumps appropriately, no detailed vulnerability details are provided at this time...

WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17283)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the index.php endpoint, no details of the vulnerability are provided at this time...

WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17271)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the editarpermissoes.php endpoint, no details of the vulnerability are provided at this time...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17183)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from a flaw in the optimizer component and can be exploited by an attacker to cause a denial of service...

Microsoft Graphics Component Code Execution Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker can exploit this vulnerability to remotely execute code...

Google Chrome ANGLE/GPU Input Validation Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation vulnerability that stems from insufficient validation of untrustworthy input by ANGLE and GPU, which can be exploited by an attacker to submit a special WEB request, which can be tricke...

TOTOLINK T6 delDevice function command injection vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that originates from the failure of the function delDevice's parameter ipAddr to correctly filter...

TOTOLINK T6 clearPairCfg Function Command Injection Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. TOTOLINK T6 suffers from a command injection vulnerability that stems from the parameter ip of the function clearPairCfg in the file /cgi-bin/cstecgi.cgi in the...

D-Link DI-8100 /jingx.asp File Buffer Overflow Vulnerability

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...

D-Link DI-8100 /arp_sys.asp File Buffer Overflow Vulnerability

The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments, supporting up to 4 Internet ports and 4 LAN ports for up to 80 simultaneous users. The D-Link DI-8100 suffers from a buffer overflow vulnerability that originates from the failure of the...

AUO DIR-605L Buffer Overflow Vulnerability

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...

Rockwell Automation Arena Code Execution Vulnerability (CNVD-2025-19255)

Rockwell Automation Arena is a discrete-event simulation software developed by Rockwell Automation for a wide range of manufacturing, logistics, and service industries. A code execution vulnerability exists in Rockwell Automation Arena, which is caused by out-of-bounds writes to specially crafted...

Rockwell Automation Arena Code Execution Vulnerability

Rockwell Automation Arena is a discrete-event simulation software developed by Rockwell Automation for a wide range of manufacturing, logistics, and service industries. A code execution vulnerability exists in Rockwell Automation Arena, which is caused by out-of-bounds writes to specially crafted...

Unspecified Vulnerability in Oracle Java SE (CNVD-2025-24092)

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in Oracle GraalVM for JDK for Oracle Java SE, which can be exploited by attackers to cause ...

Microsoft Windows Resource Management Error Vulnerability (CNVD-2025-16947)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows is vulnerable to a resource management error. No detailed vulnerability details are provided at this time...

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2025-24083)

Oracle E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Applications Framework for Orac...

Unspecified Vulnerability in Oracle Fusion Middleware (CVE-2025-50064)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2025-24086)

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...

Adobe Substance3D Viewer Null Pointer Dereference Vulnerability

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from a null pointer dereference vulnerability that can be exploited by attackers to cause a denial of service in the application...

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2025-16394)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute...

TOTOLINK N200RE Command Injection Vulnerability

TOTOLINK N200RE is a SOHO wireless router with 11N wireless technology, the highest wireless transmission rate of up to 300Mbps, support for MIMO architecture and ATCT free channel auto-detection technology, effectively improve wireless performance and stability. TOTOLINK N200RE has a command...

Crime Reporting System /complainer_page.php File SQL Injection Vulnerability

Crime Reporting System is a crime reporting system. Crime Reporting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter location in the file /complainerpage.php. The vulnerability can be exploited by an...

Adobe ColdFusion XML Injection Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an XML injection vulnerability that can be exploited by attackers to access...

Chat System fetch_member.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /user/fetchmember.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-16545)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Zoo Management System /admin/manage-animals.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-animals.php. An attacker can exploit this vulnerability...

WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17284)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the relatoriogeracao.php endpoint, for which no detailed vulnerability details are currently available...

Library System books.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from an SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter Search in the file /user/teacher/books.php. An attacker can exploit this vulnerability to execute...

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2025-16373)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects version...

Microsoft PC Manager Access Control Error Vulnerability (CNVD-2025-17139)

Microsoft PC Manager is a computer management software from Microsoft USA, which can be used for one-click acceleration, system space management, pop-up window management, and comprehensive physical examination. An access control error vulnerability exists in Microsoft PC Manager. An attacker can...

Oracle MySQL Server Resource Management Error Vulnerability (CNVD-2025-17106)

Oracle MySQL Server is a relational database from Oracle Corporation. A resource management error vulnerability exists in Oracle MySQL Server that stems from improper access control of the InnoDB component and can be exploited by an attacker to cause a denial of service...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17164)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server that originates from improper access control of the Optimizer component and can be exploited by an attacker to cause a partial denial of service...

Oracle MySQL Access Control Error Vulnerability

Oracle MySQL is an open source relational database management system.MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An access control error vulnerability in Oracle MySQL's MySQL Client versions 8.0.0 through...

Oracle MySQL Server Resource Management Error Vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. A resource management error vulnerability exists in Oracle MySQL Server that stems from improper access control of the DDL component and can be exploited by an attacker to cause a denial of service...

Oracle MySQL Server Resource Management Error Vulnerability (CNVD-2025-17171)

Oracle MySQL Server is a relational database from Oracle Corporation. A resource management error vulnerability exists in Oracle MySQL Server, which stems from a flaw in the DDL component that can be exploited by an attacker to cause a partial denial of service...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17108)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server that originates from improper access control of the InnoDB component and can be exploited by an attacker to cause a denial of service and unauthorized modification of data...

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17166)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from improper access control of the Thread Pooling component, and can be exploited by an attacker to cause a partial denial of service...

Adobe Framemaker Out-of-Bounds Write Vulnerability (CNVD-2025-16391)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An out-of-bounds write vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to execut...

Adobe ColdFusion Access Control Error Vulnerability (CNVD-2025-16382)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An access control error vulnerability exists in Adobe ColdFusion, which could be exploited by an attack...

Tenda FH1205 Buffer Overflow Vulnerability

The Tenda FH1205 is a wireless router from Tenda China. The Tenda FH1205 version 2.0.0.7775 suffers from a buffer overflow vulnerability that originates from the parameter wpapskcrypto in the file /goform/WifiExtraSet, which fails to correctly validate the length of the input data, which can be...

Adobe Substance 3D Designer Out-of-Bounds Read Vulnerability (CNVD-2025-16538)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-16388)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Job Diary view-all.php File SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /view-all.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...