Mozilla VPN Elevation of Privilege Vulnerability
Mozilla VPN is an open source virtual private network web browser extension, desktop application and mobile application from the Mozilla Foundation. Mozilla VPN suffers from an elevation of privilege vulnerability that originates from an elevation of privilege, which can be exploited by an attack...
Microsoft Windows Resource Management Error Vulnerability (CNVD-2025-16953)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows suffers from a Resource Management Error vulnerability that arises from the system not properly restricting the use of resources, which can be exploited by an attacke...
Adobe FrameMaker Heap Buffer Overflow Vulnerability (CNVD-2025-16224)
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A heap buffer overflow vulnerability exists in Adobe FrameMaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrar...
Adobe FrameMaker Heap Buffer Overflow Vulnerability (CNVD-2025-16223)
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A heap buffer overflow vulnerability exists in Adobe FrameMaker 2020.8, 2022.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrar...
Fortinet FortiOS Buffer Overflow Vulnerability
Fortinet FortiOS is Fortinet's network security operating system used to provide firewall, VPN, intrusion prevention, and other security features. Fortinet FortiOS suffers from a buffer overflow vulnerability that stems from insufficient boundary checking of specially crafted CLI commands. An...
Adobe FrameMaker Integer Overflow Vulnerability
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. An integer underflow vulnerability exists in Adobe FrameMaker versions 2020.8, 2022.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary...
Adobe InCopy Heap Buffer Overflow Vulnerability
InCopy is a professional typesetting software from Adobe for editing and designing complex layouts. A heap buffer overflow vulnerability exists in InCopy 20.3, 19.5.3 and earlier versions. An attacker can exploit this vulnerability to cause arbitrary code to be executed in the current user contex...
Dell PowerFlex Manager VM Log Information Disclosure Vulnerability
Dell PowerFlex Manager VM is a virtual machine software from Dell for managing and monitoring storage systems. A log information disclosure vulnerability exists in Dell PowerFlex Manager VM versions prior to 4.6.2.1. An attacker could exploit this vulnerability to obtain user credentials and then...
Unauthorized Access Vulnerability in NPort 5410 of Mosaic Technology (Shanghai) Co.
The NPort 5410 is an industrial-grade serial communication processor, mainly used to connect traditional serial devices to the network for remote management and monitoring. An unauthorized access vulnerability exists in the NPort 5410 of Mosaic Technology Shanghai Co. Ltd, which can be exploited ...
Adobe FrameMaker Out-of-Bounds Write Vulnerability (CNVD-2025-16221)
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. An out-of-bounds write vulnerability exists in Adobe FrameMaker 2020.8, 2022.6 and earlier versions. An attacker can exploit this vulnerability to execute arbitrar...
Adobe FrameMaker Stack Buffer Overflow Vulnerability
Adobe FrameMaker is a powerful tool for creating complex technical documentation and publishing it to a variety of delivery channels. A stack buffer overflow vulnerability exists in Adobe FrameMaker 2020.8, 2022.6 and earlier versions. An attacker could exploit this vulnerability to cause a...
RT-Thread Input Validation Error Vulnerability (CNVD-2025-16524)
RT-Thread is an open source IoT real-time operating system (RTOS) from RT-Thread. RT-Thread suffers from an input validation error vulnerability that originates from the handling of the parameter how in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacke...
Advantech iView SQL Injection Vulnerability (CNVD-2025-17830)
Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. An SQL injection vulnerability exists in Advantech iView, which can be exploited by an attacker to perform SQL injection and execute code in the context of the 'nt...
Adobe InDesign Desktop Buffer Overflow Vulnerability
Adobe InDesign Desktop is desktop publishing software developed by Adobe, mainly used for the typography of print and digital publications, including books, magazines, newspapers, posters, e-books and so on. Adobe InDesign Desktop suffers from a buffer overflow vulnerability that originates from...
Adobe ColdFusion Improper Authorization Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. An improper authorization vulnerability exists in Adobe ColdFusion, which can be exploited by an attacker to submit a special request to bypass security restrictions and gain unauthorized access to the system...
UTT Progressive 750W Buffer Overflow Vulnerability (CNVD-2026-02643)
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from a buffer overflow vulnerability that originates from improper handling of the parameter ssid in the file...
Ivanti Endpoint Manager Mobile OS Command Injection Vulnerability
Ivanti Endpoint Manager Mobile is an enterprise-grade mobile device management (MDM) solution designed to provide comprehensive mobile device lifecycle management capabilities for organizations. Ivanti Endpoint Manager Mobile suffers from an OS command injection vulnerability that stems from...
Siemens Solid Edge SE2025 Out-of-Bounds Read Vulnerability
Siemens Solid Edge SE2025 is development software from Siemens, Germany. Siemens Solid Edge SE2025 suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current process...
Siemens Solid Edge SE2025 Stack Buffer Overflow Vulnerability
Siemens Solid Edge SE2025 is development software from Siemens, Germany. Siemens Solid Edge SE2025 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...
Tenable Agent Elevation of Privilege Vulnerability
Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent has an elevation of privilege vulnerability, which originates from a non-administrative user deleting arbitrary local system files with SYSTEM privileges, and can be exploited by an attacker to tamper with the syste...
Adobe InDesign Desktop Numeric Error Vulnerability
Adobe InDesign Desktop is desktop publishing software developed by Adobe, mainly used for the typography of print and digital publications, including books, magazines, newspapers, posters, e-books and so on. Adobe InDesign Desktop suffers from a numeric error vulnerability that stems from imprope...
Adobe Substance 3D Viewer Heap Buffer Overflow Vulnerability
Adobe Substance 3D Viewer is a standalone desktop application from Adobe for viewing and editing 3D files and seamlessly integrates with applications such as Photoshop to support non-destructive 2D/3D co-creation. Adobe Substance 3D Viewer suffers from a heap buffer overflow vulnerability that...
Advantech iView SQL Injection Vulnerability (CNVD-2025-17828)
Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. Advantech iView suffers from an SQL injection vulnerability that originates from improper parameter sanitization in the NetworkServlet.getNextTrapPage function, which can be...
Ivanti Endpoint Manager Encryption Misuse Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a cryptographic misuse vulnerability that stems from an incorrect cryptographic implementation, which can be...
Tenable Agent Code Execution Vulnerability
Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent suffers from a code execution vulnerability that originates from a non-administrative user being able to execute code with SYSTEM privileges. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in Tenable Agent
Tenable Agent is a vulnerability scanning program from Tenable USA. Tenable Agent suffers from a security vulnerability that originates from a non-administrative user being able to overwrite arbitrary local system files with SYSTEM privileges. No details of the vulnerability are provided at this...
Adobe InDesign Heap Overflow Vulnerability
Adobe InDesign is a desktop publishing (DTP) application from Adobe, mainly used for layout editing of various printed materials. A heap overflow vulnerability exists in Adobe InDesign processing files, which originates from a partial overwrite of heap memory, and can be exploited by a remote...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2025-16225)
Adobe InDesign is a desktop publishing (DTP) application from Adobe, mainly used for layout editing of various printed materials. A security vulnerability exists in Adobe InDesign processing files, which originates from out-of-bounds memory buffer data writes, and can be exploited by a remote...
Adobe Experience Manager Code Issue Vulnerability (CNVD-2025-16245)
Adobe Experience Manager is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A code...
Tenda O3V2 setAutoReboot Stack Overflow Vulnerability
Tenda O3V2 is a high power wireless bridge from Tenda. The Tenda O3V2 /goform/setNetworkService contains a stack overflow vulnerability in the setAutoReboot function, which originates from improperly restricting the operation of a memory buffer, that can be exploited by a remote attacker to submi...
Dell iDRAC Access Control Error Vulnerability
Dell iDRAC is an embedded remote management controller in Dell servers that provides hardware monitoring, remote control, and troubleshooting, and runs independently of the operating system. An Access Control Error vulnerability exists in Dell iDRAC that stems from improper access control and can...
Siemens SINEC NMS Path Traversal Vulnerability (CNVD-2025-16629)
Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A path traversal vulnerability exists in Siemens SINEC NMS that stems...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. Ivanti Endpoint Manager suffers from a SQL injection vulnerability that originates from improperly filtered submitted SQL statements, which can be...
Adobe ColdFusion Trust Management Issues Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. Adobe ColdFusion suffers from a trust management issue vulnerability that stems from the use of hard-coded credentials, which can be exploited by an attacker to cause elevation of privilege...
Siemens Solid Edge SE2025 Out-of-Bounds Read Vulnerability (CNVD-2025-16628)
Siemens Solid Edge SE2025 is development software from Siemens, Germany. Siemens Solid Edge SE2025 suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current process...
Advantech iView Parameter Injection Vulnerability
Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. A parameter injection vulnerability exists in Advantech iView, which originates from parameter injection in the NetworkServlet.restoreDatabase function and can be exploited by...
Advantech iView Path Traversal Vulnerability (CNVD-2025-17831)
Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, for managing B+B SmartWorx devices. A path traversal vulnerability exists in Advantech iView due to an error in NetworkServlet.processImportRequest. An attacker coul...
Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2025-16630)
Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A SQL injection vulnerability exists in Siemens SINEC NMS, which can ...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a dynamic Web server platform maintained by Adobe. Adobe ColdFusion suffers from a code issue vulnerability that arises from improperly restricting XML external entity references, which can be exploited by an attacker to submit a special request, obtain sensitive information o...
Siemens SINEC NMS Access Control Error Vulnerability
Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. An access control error vulnerability exists in Siemens SINEC NMS,...
RT-Thread Buffer Overflow Vulnerability (CNVD-2025-16523)
RT-Thread is an open source IoT real-time operating system (RTOS) from RT-Thread. RT-Thread suffers from a buffer overflow vulnerability that originates from the handling of the parameter timeout in the file rt-thread/components/lwp/lwpsyscall.c, which can be exploited by an attacker to...
D-Link DI-500WF Buffer Overflow Vulnerability
D-Link DI-500WF is a panel type wireless AP access point, designed with international wireless standards, supporting 2.4GHz band, wireless transmission speed up to 300Mbps, in line with the green concept. A buffer overflow vulnerability exists in the D-Link DI-500WF. The vulnerability stems from...
WordPress Events Manager Plugin SQL Injection Vulnerability
WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...
WordPress Support Board Plugin Path Traversal Vulnerability
Support Board is an online customer service communication plugin for the WordPress platform, which is mainly used to improve the user experience and customer service efficiency of the website. The WordPress Support Board plugin has a path traversal vulnerability that stems from the...
Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20450)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the QLogicDownloadImpl class. An attacker could exploit the vulnerability to delete files and disclose...
WordPress Team Showcase Plugin Cross-Site Scripting Vulnerability
WordPress Team Showcase Plugin is a plugin for displaying team members on a website, which is mainly used on the official website of a business or studio to display core member information in a visual way to enhance the sense of trust. The WordPress Team Showcase plugin suffers from a cross-site...
WordPress Kossy File Inclusion Vulnerability
Kossy is a WordPress theme designed for e-commerce with a minimalist style for furniture stores, clothing stores, digital product stores and other scenarios. WordPress Kossy has a file inclusion vulnerability that stems from improper file name control in the PHP program. An attacker...
WordPress Halpes Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Halpes, which stems from improper input neutralization and can be exploited by an attacker to tamper with web conte...
Marvell QConvergeConsole Path Traversal Vulnerability (CNVD-2025-20444)
Marvell QConvergeConsole is a unified adapter management software across data centers from Marvell USA. A path traversal vulnerability exists in Marvell QConvergeConsole due to an error in the deleteEventLogFile method. An attacker could exploit the vulnerability to delete a file in the SYSTEM...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15503)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from bypassing the process startup SA and using distributed...