Microsoft Windows Kernel Number Error Vulnerability
The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. A security vulnerability exists in Microsoft Windows Kernel. An attacker could exploit this vulnerability to obtain sensitive information...
IBM Storage Scale Command Injection Vulnerability
IBM Storage Scale is a storage solution from International Business Machines (IBM) designed to help organizations effectively manage and scale storage resources to meet growing data storage needs. A command injection vulnerability exists in IBM Storage Scale versions 5.2.2.0 and 5.2.2.1 that stems...
IBM Security Guardium Cross-Site Scripting Vulnerability (CNVD-2025-12590)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A cross-site scripting vulnerability exists in IBM Security...
TOTOLINK NR1800X setWiFiEasyCfg function ssid5g parameter buffer overflow vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Zioncom Electronics (TOTOLINK). The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid5g parameter in the setWiFiEasyCfg function failing to properly validate the length of the input...
SQL Injection Vulnerability in UniSoft ATS UniNXG Secure Data Exchange System of Shenzhen UniSoft Technology Co.
UniSoft Aldo UniNXG Secure Data Exchange System is a professional product invented by UniSoft, integrating network isolation, network disk and DLP technology into one. The UniSoft UniNXG secure data exchange system has a SQL injection vulnerability; attackers can use the vulnerability to send...
Cyber Cafe Management System search.php File SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /search.php. An attacker can exploit this...
Company Visitor Management System /visitors-form.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fullname in the file /visitors-form.php. An attacker c...
Patient Record Management System edit_upatient.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ID parameter of the /edit_upatient.php file. An attacker can exploi...
Patient Record Management System fecalysis_form.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the itrno parameter of the fecalysis_form.php file. An attacker can...
Vehicle Record Management System /edit-brand.php file cross-site scripting vulnerability
Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in /edit-brand.php, which can be exploited by an attacker t...
TOTOLINK A3002R formIpv6Setup Interface Buffer Overflow Vulnerability
TOTOLINK A3002R is a wireless router from China's Zioncom Electronics (TOTOLINK). The TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from the failure of the staticdns1 parameter in the formIpv6Setup interface to correctly validate the length of the input data, and no...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Zioncom Electronics (TOTOLINK). The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the FUN00459fdc function failing to properly filter special characters and commands in constructed commands. The vulnerability can be...
TOTOLINK A3002R formDhcpv6s Interface Buffer Overflow Vulnerability
The TOTOLINK A3002R is a wireless router from China's Zioncom Electronics (TOTOLINK). TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from the failure of the addrPoolStart parameter in the formDhcpv6s interface to correctly validate the length of the input data, no...
Adobe Bridge Input Validation Error Vulnerability (CNVD-2025-10671)
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from an input validation error vulnerability that stems from an integer overflow that can be exploited by an attacker to execute arbitrary code...
Adobe Bridge Buffer Overflow Vulnerability (CNVD-2025-10670)
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a buffer overflow vulnerability that originates from uninitialized pointer access, which can be exploited by an attacker to execute arbitrary code...
Adobe Animate Input Validation Error Vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from an input validation error vulnerability that originates from an integer overflow, which can be exploited by an attacker to execute arbitrary code...
Adobe Bridge Access Uninitialized Pointer Vulnerability
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from an Access Uninitialized Pointer vulnerability that originates from an integer overflow, which can be exploited by an attacker to execute arbitrary code...
Apartment Visitors Management System /admin/visitors-form.php File SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter Category in file...
Directory Management System /admin/forget-password.php File SQL Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/forget-password.php. An attacker can exploi...
Directory Management System /admin/edit-directory.php File SQL Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid in the file /admin/edit-directory.php. An attacker can...
e-Diary Management System /my-profile.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. An SQL injection vulnerability exists in e-Diary Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter fname in the file /my-profile.php. An attacker can explo...
Mozilla Thunderbird Cross-Site Scripting Vulnerability (CNVD-2025-18673)
Mozilla Thunderbird is an e-mail client from the United States' Mozilla Foundation that is independent of the Mozilla Application Suite. The program supports IMAP, POP mail protocols and HTML mail format. A cross-site scripting vulnerability exists in Mozilla Thunderbird, which stems from...
D-Link DIR-619L formSetWizard2 function buffer overflow vulnerability
The D-Link DIR-619L is a wireless router from China's D-Link. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the curTime parameter of the formSetWizard2 function failing to correctly validate the length of the input data, which can be exploited by an...
Dell PowerScale InsightIQ Elevation of Privilege Vulnerability
Dell PowerScale InsightIQ is a powerful performance monitoring and reporting tool from Dell, Inc. An elevation of privilege vulnerability exists in Dell PowerScale InsightIQ that stems from improper privilege management and can be exploited by an attacker to cause an elevation of privilege...
Adobe Animate Numeric Error Vulnerability (CNVD-2025-10669)
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a numeric error vulnerability that originates from an integer underflow, which can be exploited by an attacker to execute arbitrary code...
Adobe Substance 3D Modeler Uncontrolled Search Path Element Vulnerability
Adobe Substance 3D Modeler is a 3D modeling and sculpting software from the American company Adobe. Adobe Substance 3D Modeler suffers from an uncontrolled search path element vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Stager Memory Misreference Vulnerability (CNVD-2025-15173)
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Animate Access to Uninitialized Pointers Vulnerability (CNVD-2025-10666)
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from an access to uninitialized pointers vulnerability that can be exploited by an attacker to execute arbitrary code...
Adobe Substance 3D Stager Memory Misreference Vulnerability (CNVD-2025-15172)
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
TOTOLINK NR1800X setWiFiEasyGuestCfg Function Buffer Overflow Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Zioncom Electronics (TOTOLINK). The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid5g parameter in the setWiFiEasyGuestCfg function failing to properly validate the length of the...
D-Link DIR-605L sysCmd Parameter Command Injection Vulnerability
The D-Link DIR-605L is a wireless router from China's D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter sysCmd failing to properly filter special characters and commands in constructed commands. No details of the vulnerability are...
Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2025-15170)
Adobe Substance 3D Modeler is a 3D modeling and sculpting software from the American company Adobe. Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Painter Out-of-Bounds Write Vulnerability (CNVD-2025-15169)
Adobe Substance 3D Painter is a 3D texturing application from the American company Adobe. Adobe Substance 3D Painter suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe InDesign Out-of-Bounds Write Vulnerability (CNVD-2025-15167)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe InDesign versions ID19.5.2, ID20.2 and earlier, which can be exploited by an attacker to execute arbitrary code...
Wyse Management Suite Authentication Bypass Vulnerability
Wyse Management Suite is Dell's hybrid cloud security management solution for thin client devices, designed to simplify IT management and enhance security. An authentication bypass vulnerability exists in Wyse Management Suite, which could be exploited by an attacker to cause an information...
SQL Injection Vulnerability in UFIDA U8Cloud of UFIDA Network Technology Co.
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A SQL injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information from the database...
IBM App Connect Enterprise Encryption Issue Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines (IBM) that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud native...
D-Link DIR-619L wake_on_lan Function Command Injection Vulnerability
The D-Link DIR-619L is a wireless router from China's D-Link. The D-Link DIR-619L suffers from a command injection vulnerability that stems from the mac parameter of the wake_on_lan function failing to correctly filter special characters and commands in constructed commands. No details of the...
D-Link DIR-605L mac parameter command injection vulnerability
The D-Link DIR-605L is a wireless router from China's D-Link. The D-Link DIR-605L suffers from a command injection vulnerability that stems from the parameter mac failing to properly filter special characters and commands in constructed commands. No details of the vulnerability are provide...
D-Link DIR-619L formSysCmd Function Command Injection Vulnerability
The D-Link DIR-619L is a wireless router from China's D-Link. The D-Link DIR-619L suffers from a command injection vulnerability that stems from the sysCmd parameter of the formSysCmd function failing to properly filter special characters and commands in constructed commands. No details of the...
TOTOLINK A3002R formDnsv6 Interface Buffer Overflow Vulnerability
TOTOLINK A3002R is a wireless router from China's Zioncom Electronics (TOTOLINK). The TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from the failure of the routername parameter in the formDnsv6 interface to correctly validate the length and size of the input data, which...
Dell PowerScale InsightIQ Denial of Service Vulnerability
Dell PowerScale InsightIQ is a powerful performance monitoring and reporting tool from Dell, Inc. A denial of service vulnerability exists in Dell PowerScale InsightIQ, which arises from uncontrolled resource consumption and can be exploited by an attacker to cause a denial of service...
TOTOLINK A3002R formMapDelDevice interface bandstr parameter buffer overflow vulnerability
TOTOLINK A3002R is a wireless router from China's Zioncom Electronics (TOTOLINK). A buffer overflow vulnerability exists in the TOTOLINK A3002R, which stems from the bandstr parameter in the formMapDelDevice interface failing to correctly validate the length of the input data, no detailed...
TOTOLINK NR1800X setWiFiGuestCfg function Buffer Overflow Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's Zioncom Electronics (TOTOLINK). The TOTOLINK NR1800X suffers from a buffer overflow vulnerability that stems from the ssid parameter in the setWiFiGuestCfg function failing to properly validate the length of the input...
Cyber Cafe Management System add-users.php File SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uadd in the file /add-users.php. An attacker can exploit th...
Google Chrome Information Disclosure Vulnerability (CNVD-2025-11417)
Google Chrome is a web browser developed by Google to provide a fast and secure browsing experience. Google Chrome suffers from an information disclosure vulnerability that stems from insufficient policy enforcement in Loader. An attacker can exploit the vulnerability to obtain cross-origin data...
Adobe Photoshop Buffer Overflow Vulnerability
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a buffer overflow vulnerability that originates from accessing an uninitialized pointer, which can be exploited by an...
Google Web Designer Code Execution Vulnerability
Google Web Designer is a professional-grade HTML5 advertising and web content authoring tool from Google, supporting visual design and code editing. A code execution vulnerability exists in Google Web Designer, which stems from improperly resolved symbolic links in the Preview feature, and can be...
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft Windows Media Foundation is a multimedia development library from Microsoft that aims to provide a unified multimedia solution for the Windows platform, allowing developers to play video and sound files, encode audio and video, or transcode multimedia files. Media Foundation allows...
Adobe Animate Null Pointer Dereference Vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service in the application...