Adobe Acrobat Reader Out-of-Bounds Read Vulnerability (CNVD-2025-13315)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information...

Information Disclosure Vulnerability in Various ABB Products (CNVD-2025-13332)

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

School Fees Payment System datatable.php File SQL Injection Vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter sSortDir0 in the file /datatable.php. An attacker can exploit this...

Vehicle Record Management System /search-vehicle.php File SQL Injection Vulnerability

Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchinputdata in file /admin/search-vehicle.php. ...

Fortinet FortiClientWindows Trust Management Issue Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A trust management issue...

Dmacroweb DM Corporative CMS SQL Injection Vulnerability (CNVD-2025-14356)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter codform in the file...

School Fees Payment System ajx.php File SQL Injection Vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter namestartsWith in the file /ajx.php. An attacker can exploit this...

Code Injection Vulnerability in Various ABB Products (CNVD-2025-13767)

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14364)

FreeFloat FTP Server is an FTP service from FreeFloat. FreeFloat FTP Server suffers from a buffer overflow vulnerability that is caused by incorrect boundary checking in the MDIR component command handler. No detailed vulnerability details are provided at this time...

Dmacroweb DM Corporative CMS SQL Injection Vulnerability (CNVD-2025-14357)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cod in the file...

Adobe InDesign Desktop Buffer Overflow Vulnerability

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a buffer overflow vulnerability that originates from an out-of-bounds read, which can be exploited by an attacker to cause a sensitive memory leak...

Adobe Acrobat Reader Information Disclosure Vulnerability (CNVD-2025-13316)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14360)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file...

Information Disclosure Vulnerability in Various ABB Products (CNVD-2025-13425)

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

Laundry System Authentication Missing Vulnerability

Laundry System is a laundry system. The Laundry System suffers from a missing authentication vulnerability that could be exploited by an attacker to compromise confidentiality, integrity, and availability...

School Fees Payment System Improper Authentication Vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System has an improper authentication vulnerability that can be exploited by an attacker to compromise confidentiality, integrity, and availability...

Microsoft Word Code Execution Vulnerability (CNVD-2025-17474)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

WordPress PayU India plugin has unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress PayU India plugin that stems from vulnerability to authentication bypass attacks, no details of the vulnerability are provided a...

Adobe Acrobat Reader Out-of-Bounds Read Vulnerability (CNVD-2025-13313)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to cause a sensitive memory leak...

Restaurant Table Booking System manage-subadmins.php file cross-site scripting vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter fullname in the file...

Microsoft Word Code Execution Vulnerability (CNVD-2025-17476)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Word Code Execution Vulnerability (CNVD-2025-17475)

Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Word Code Execution Vulnerability (CNVD-2025-17472)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which is caused due to improper boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system...

Path Traversal Vulnerability in Various ABB Products (CNVD-2025-13774)

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

D-Link DIR-632 /biurl_grou File Buffer Overflow Vulnerability

The D-Link DIR-632 is a router from China's AUO D-Link. The D-Link DIR-632 suffers from a buffer overflow vulnerability that originates from the failure of the file /biurlgrou in the HTTP POST Request Handler component to properly validate the length and size of the input data, which can be...

Restaurant Table Booking System check-status.php file cross-site scripting vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /check-status.php,...

Path Traversal Vulnerability in Various ABB Products

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

Cross-Site Scripting Vulnerability in Various ABB Products

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

WordPress FlatNews plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FlatNews plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...

Google Chrome Type Obfuscation Vulnerability

Google Chrome is a popular web browser. Google Chrome suffers from a type obfuscation vulnerability that originates from accessing a resource using an incompatible type, which can be exploited by a remote attacker to submit a special WEB request that can be tricked into being parsed by the user,...

WordPress WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress WooCommerce that stems from insufficient PostMessage data input cleanup and output escaping, which can be exploited by a...

Code Injection Vulnerabilities in Various ABB Products

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications...

Adobe Commerce Access Control Error Vulnerability

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. An Access Control Error vulnerability exists in Adobe Commerce that stems from improper access control and can be exploited by an attacker to bypass...

Adobe InDesign Desktop Resource Management Error Vulnerability

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a Resource Management Error vulnerability that originates from reuse after release, which can be exploited by an attacker to cause a sensitive memory leak...

Various ABB products information leakage vulnerability

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

Cross-site scripting vulnerability in various ABB products (CNVD-2025-13777)

ABB ASPECT-Enterprise is a scalable building energy management and control solution.ABB NEXUS Series is a monitoring and control management system.ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

Various ABB products predict filename vulnerability

ABB ASPECT and others are products of ABB Switzerland.ABB ASPECT is a scalable building energy management and control solution.ABB MATRIX is an embedded building automation network controller.ABB NEXUS is a wireless and wired solution. Various ABB products have a predicted filename vulnerability...

Dell Wyse Management Suite WMS Cross-Site Scripting Vulnerability

Wyse Management Suite WMS is a combined cloud and local management platform from Dell. A cross-site scripting vulnerability exists in Wyse Management Suite WMS that stems from improper input neutralization and can be exploited by an attacker to cause code injection...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14365)

FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server due to incorrect boundary checking in the APPEND component command handler. No detailed vulnerability details are provided at this time...

FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14363)

FreeFloat FTP Server is an FTP service from FreeFloat. FreeFloat FTP Server suffers from a buffer overflow vulnerability that is caused by incorrect boundary checking in the DEBUG component command handler. No detailed vulnerability details are provided at this time...

Google Chrome Resource Management Error Vulnerability

Google Chrome is a popular web browser. Google Chrome suffers from a resource management error vulnerability, which stems from a post-release reuse of a media component, that can be exploited by an attacker to cause an application to crash or execute arbitrary code in the context of the applicati...

Unspecified Vulnerability in Ivanti Workspace Control (CNVD-2025-15108)

Ivanti Workspace Control is a desktop management solution from Ivanti. Ivanti Workspace Control suffers from a security vulnerability that originates from hard-coded keys, which can be exploited by an attacker to decrypt stored SQL credentials...

Unspecified Vulnerability in Ivanti Workspace Control

Ivanti Workspace Control is a desktop management solution from Ivanti. A security vulnerability exists in Ivanti Workspace Control, which is rooted in a hard-coded key that can be exploited by an attacker to decrypt stored environment variable credentials and obtain sensitive information...

SAP NetWeaver Visual Composer Directory Traversal Vulnerability

SAP NetWeaver Visual Composer is a graphical modeling environment in the SAP NetWeaver platform for rapid development and deployment of composite applications. A directory traversal vulnerability exists in SAP NetWeaver Visual Composer, which stems from insufficient input path validation, and can...

Dmacroweb DM Corporative CMS Path Disclosure Vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a path disclosure vulnerability that can be exploited by an attacker to view the contents of webroot/file...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14361)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/selectionnode/selection.asp that fails to...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability (CNVD-2025-14359)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which stems from the failure of the option parameter in the file /administer/selectionnode/framesSelection.a...

Dmacroweb DM Corporative CMS Insecure Direct Elephant Reference Vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from an insecure direct object reference vulnerability, which originates from the parameter option in the file /administer/select node/data.asp that fails to proper...

Dmacroweb DM Corporative CMS SQL Injection Vulnerability (CNVD-2025-14355)

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter name in the file /antcatalogue.as...

Dmacroweb DM Corporative CMS SQL Injection Vulnerability

Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters name and cod in file /antbuspre.as...