Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15843)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manage Cross-Site Vulnerability (CNVD-2025-16204)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15810)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15156)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14513)

Adobe Experience Manager is a comprehensive content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in form fields, which can be exploited by an attacker t...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15845)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15750)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14517)

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks that can be exploited by an attacker to cause...

Microsoft Outlook Code Execution Vulnerability (CNVD-2025-23067)

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A code execution vulnerability exists in Microsoft Outlook, which can be exploited by an attacker to execute arbitrary code on a system...

Tenda AC9 Cross-Site Request Forgery Vulnerability

The Tenda AC9 is a wireless router manufactured by Tenda. A cross-site request forgery vulnerability exists in the Tenda AC9. No detailed vulnerability details are provided at this time...

Microsoft Office Code Execution Vulnerability (CNVD-2025-13272)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Office Code Execution Vulnerability (CNVD-2025-13271)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office due to the use of incompatible types of access to...

Microsoft Office Code Execution Vulnerability (CNVD-2025-13267)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Office Code Execution Vulnerability (CNVD-2025-13269)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A security vulnerability exists in Microsoft Office. An attacker can exploit the vulnerability to execute...

Adobe Experience Manager Incorrect Input Validation Vulnerability (CNVD-2025-15151)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An...

School Fees Payment System branch.php File SQL Injection Vulnerability

School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from the parameter ID of the /branch.php file not being securely filtered. The vulnerability can be exploited by an attacker to obtain sensitive...

GNU C Stock in Unspecified Vulnerabilities

The GNU C library is an implementation of the C standard library developed by the GNU project to provide core API support for Linux systems, and is the basis for most C programs to run. The GNU C library suffers from a security vulnerability that stems from not saving the caller's contents when...

GNU C Stock in Unspecified Vulnerabilities

The GNU C library is a standard library implementation of C developed by the GNU project to provide core API support for Linux systems, and is the basis for most C programs to run. The GNU C library suffers from a security vulnerability. An attacker could exploit the vulnerability to overwrite...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15537)

Adobe Experience Manager is a comprehensive content management solution CMS from Adobe for building websites, mobile apps and managing digital assets, while supporting cross-channel content delivery and the creation of personalized digital experiences. A cross-site scripting vulnerability exists ...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15551)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14997)

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15000)

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15090)

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...

Rail Pass Management System /admin/pass-bwdates-reports-details.php File SQL Injection Vulnerability

Rail Pass Management System is a rail pass management system. Rail Pass Management System suffers from a SQL injection vulnerability, which originates from improper handling of the parameter fromdate/todate in the file /admin/pass-bwdates-reports-details.php, resulting in SQL injection. An attack...

Tenda AC5 Buffer Overflow Vulnerability

Tenda AC5 is a wireless router from Tenda, a Chinese company. The Tenda AC5 suffers from a buffer overflow vulnerability that originates from a stack buffer overflow due to the operation of the parameter rebootTime in the file /goform/SetRebootTimer. An attacker can exploit this vulnerability to...

Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-15722)

Tenda AC6 is a dual-band wireless router from Tenda. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the operation of the parameter lanMask in the file /goform/AdvSetLanip. An attacker can exploit this vulnerability to remotely execute code...

Online Fire Reporting System /admin/edit-team.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/edit-team.php. An attacker can...

Online Fire Reporting System /admin/profile.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber in the file /admin/profile.php. An attacker c...

Online Fire Reporting System /manage-teams.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/manage-teams.php. An attacker ca...

Online Fire Reporting System /details.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter requestid in the file /details.php. An attacker can exploi...

Online Fire Reporting System /reporting.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /reporting.php. The vulnerability c...

Teacher Subject Allocation Management System edit-course.php File SQL Injection Vulnerability

Teacher Subject Allocation Management System a teacher subject allocation management system. The Teacher Subject Allocation Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in th...

Teacher Subject Allocation Management System /changeimage.php File SQL Injection Vulnerability

Teacher Subject Allocation Management System a teacher subject allocation management system. The Teacher Subject Allocation Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid in the...

D-Link DCS-932L /setSystemWizard File Command Injection Vulnerability

The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a command injection vulnerability that stems from the failure of the parameter AdminID in the file /setSystemWizard to correctly filter constructe...

D-Link DCS-932L Buffer Overflow Vulnerability

The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a buffer overflow vulnerability that originates from the parameter EmailSMTPPortNumber in file /setSystemEmail failing to properly validate the...

D-Link DCS-932L setSystemAdmin File Command Injection Vulnerability

The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a command injection vulnerability that stems from the parameter AdminID in the file /setSystemAdmin failing to correctly filter constructed comman...

Teacher Subject Allocation Management System /edit-teacher-info.php File SQL Injection Vulnerability

Teacher Subject Allocation Management System a teacher subject allocation management system. The Teacher Subject Allocation Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in fi...

WordPress WP Easy Contact plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WP Easy Contact plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...

Online Fire Reporting System /request-details.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter requestid in the file /request-details.php. An attacker ca...

TOTOLINK EX1200T Buffer Overflow Vulnerability

The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability that originates from the parameter LangType in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length and size of the input...

FreeFloat FTP Server 'NOOP' Remote Buffer Overflow Vulnerability

FreeFloat FTP Server is an FTP service from FreeFloat. FreeFloat FTP Server suffers from a remote buffer overflow vulnerability that originates from the NOOP Command Handler component failing to properly validate the length and size of input data, which can be exploited by an attacker to execute...

FreeFloat FTP Server 'HOST' Remote Buffer Overflow Vulnerability

FreeFloat FTP Server is an FTP service from FreeFloat. A remote buffer overflow vulnerability exists in FreeFloat FTP Server, which originates from the component HOST Command Handler failing to properly validate the length and size of input data, and can be exploited by an attacker to execute...

D-Link DIR-816 /goform/wirelessApcli_5g File Buffer Overflow Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a buffer overflow vulnerability that originates from the failure of the parameters apclimode5g/apclienc5g/apclidefaultkey5g to correctly validate the length size of the input data in the file...

D-Link DIR-816 /goform/setipsec_config File Command Injection Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a command injection vulnerability that stems from the parameter localIP/remoteIP in the file /goform/setipsecconfig failing to correctly filter constructed command special characters, commands, and so...

D-Link DIR-816 /goform/QoSPortSetup File Buffer Overflow Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a buffer overflow vulnerability, which originates from the failure of the QoSPortSetup parameter port0group in the file /goform/QoSPortSetup to correctly validate the length of the input data, which c...

D-Link DIR-816 /goform/qosClassifier File Command Injection Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a command injection vulnerability that stems from the parameter dipaddress/sipaddress failing to correctly filter constructed command special characters, commands, etc. in the file...

Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12362)

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. A buffer overflow vulnerability exists in Delta Electronics CNCSoft-G2 V2.1.0.20 and earlier versions, which stems from a lack of validation of user-supplied files and can be exploited by an...

Cisco Unified Communications Command Injection Vulnerability

Cisco Unified Communications is an enterprise call control and session management platform from Cisco that connects people anywhere using any device. A command injection vulnerability exists in Cisco Unified Communications that stems from insufficient validation of command parameters and can be...

WordPress WP Attachments plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress WP Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

WordPress Ultimate Gift Cards for WooCommerce plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Gift Cards for WooCommerce plugin suffers from an SQL injection vulnerability that stems from the application's lack of validation of externally entered S...