Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-10676)
Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript...
Adobe InDesign Null Pointer Dereference Vulnerability (CNVD-2025-15166)
Adobe InDesign is a layout and editing application from the American company Adobe. A null pointer dereference vulnerability exists in Adobe InDesign versions ID19.5.2 and ID20.2 and earlier, which can be exploited by an attacker to cause a denial of service in the...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-10675)
Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript...
Adobe InDesign Null Pointer Dereference Vulnerability (CNVD-2025-15165)
Adobe InDesign is a layout and editing application from the American company Adobe. A null pointer dereference vulnerability exists in Adobe InDesign versions ID19.5.2 and ID20.2 and earlier, which can be exploited by an attacker to cause a denial of service...
Adobe Substance 3D Stager Out-of-Bounds Read Vulnerability (CNVD-2025-15171)
Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a leak of sensitive memory...
SQL Injection Vulnerability in NetDrive Unified Communication Platform of Beijing NetDrive Network Technology Co.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing...
Vehicle Record Management System profile.php File Cross-Site Scripting Vulnerability
Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the name, email, and mobile parameters in...
DELL PowerScale OneFS Race Condition Vulnerability
DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. A race condition vulnerability exists in DELL PowerScale OneFS, which can be exploited by attackers to cause a denial of servi...
Adobe Photoshop Input Validation Error Vulnerability
Adobe Photoshop is image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an input validation error vulnerability that originates from an integer overflow, which can be exploited by an attacker ...
TOTOLINK A950RG Command Execution Vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics (TOTOLINK). The TOTOLINK A950RG suffers from a command execution vulnerability that originates from the failure of the setNoticeCfg interface IpTo parameter in /lib/cstemodules/system.so to correctly filte...
e-Diary Management System /manage-notes.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /manage-notes.php. An attacker can...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-10674)
Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious JavaScript...
Vehicle Record Management System /add-brand.php File Cross-Site Scripting Vulnerability
Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the brandname parameter of /admin/add-brand.php, which c...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2025-10673)
Adobe ColdFusion is a rapid application development platform from the American company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability that originates from an improperly...
IBM Security QRadar Information Disclosure Vulnerability
IBM Security QRadar is a modernized threat detection and response solution from International Business Machines (IBM), designed to unify and integrate the security analyst experience and improve their response speed throughout the incident lifecycle. An information disclosure vulnerability...
ASUS Armoury Crate Stack Buffer Overflow Vulnerability
ASUS Armoury Crate is utility software developed by ASUS to centrally control and manage ROG (Republic of Gamers) and some ASUS gaming products. ASUS Armoury Crate suffers from a stack buffer overflow vulnerability that originates from a boundary error when the application handles untrusted input, which c...
TOTOLINK A3002R and A3002RU Command Injection Vulnerability
The TOTOLINK A3002R and A3002RU are routers from TOTOLINK that support a wide range of network features and services. The TOTOLINK A3002R and A3002RU suffer from a command injection vulnerability that originates from misuse of the /boafrm/formMapDelDevice file of the HTTP POST request...
Tenda AC10 GetParentControlInfo Function Buffer Overflow Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda AC10, which stems from the GetParentControlInfo function failing to properly validate the length and size of the input data. No details of the vulnerability are available at thi...
Vehicle Record Management System /edit-vehicle.php File Cross-Site Scripting Vulnerability
Vehicle Record Management System is a vehicle record management system. Vehicle Record Management System has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the vehiclename parameter in /admin/edit-vehicle.php, which...
GNU GRUB Access Control Error Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. An Access Control Error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key in memory during automatic TPM decryption, and can be exploited by an attacker to obtain unencrypted data...
Adobe Dreamweaver Type Confusion Vulnerability
Adobe Dreamweaver is Windows-based software from the American company Adobe that supports visual HTML editing and code editing. Adobe Dreamweaver suffers from a type confusion vulnerability that can be exploited by an attacker to execut...
Tenda FH451 Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 suffers from a buffer overflow vulnerability that originates from the P2pListFilter function failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary code on the...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an input validation error vulnerability that originates from the system failing to properly process a specific input. No detailed vulnerability details are...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an input validation error vulnerability that stems from a failure to properly validate input data. An attacker could exploit the vulnerability to execute...
Adobe ColdFusion Improper Authorization Vulnerability (CNVD-2025-10391)
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an improper authorization vulnerability that stems from the system failing to properly process authorization requests. An attacker could use this vulnerability ...
Adobe Substance3D-Stager Out-of-Bounds Write Vulnerability
Adobe Substance3D-Stager is 3D design and rendering software developed by Adobe for creating and presenting 3D scenes. Adobe Substance3D-Stager suffers from an out-of-bounds write vulnerability that stems from the program failing to properly handle specific input. An attacker can exploit the...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability
SAP Supplier Relationship Management is supplier relationship management software developed by SAP Germany. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management, which stems from the use of a deprecated Java applet component that can be exploited by an attacker to...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-10510)
Microsoft Excel is the spreadsheet application in the Office suite from the American company Microsoft. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
Adobe ColdFusion Improper Access Control Vulnerability (CNVD-2025-10394)
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an improper access control vulnerability that stems from the system failing to properly restrict access to the file system. No details of the vulnerability are...
Apartment Visitors Management System /admin/pass-details.php File SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from improper handling of the parameter pid in the file /admin/pass-details.php. An attacker ca...
D-Link DI-8100 Stack Buffer Overflow Vulnerability
The D-Link DI-8100 is a network device designed to provide network connectivity and management capabilities. The D-Link DI-8100 suffers from a stack buffer overflow vulnerability that stems from insufficient handling of the parameters defmax/deftime/deftcpmax/deftcptime/defudpmax/defudptime/defic...
Apartment Visitors Management System /admin/bwdates-reports-details.php File SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from improper manipulation of the parameter fromdate/todate in the file /admin/bwdates-reports-details.php. An attacker c...
Apartment Visitors Management System /admin/bwdates-passreports-details.php File SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability, which originates from improper manipulation of the parameters fromdate/todate in the file /admin/bwdates-passreports-details.php. An...
Adobe Substance3D-Stager Resource Management Error Vulnerability (CNVD-2025-10387)
Adobe Substance3D-Stager is 3D design and rendering software developed by Adobe for creating and presenting 3D scenes. Adobe Substance3D-Stager suffers from a resource management error vulnerability that can be exploited by attackers to execute arbitrary code...
Adobe Substance3D-Stager Resource Management Error Vulnerability
Adobe Substance3D-Stager is 3D design and rendering software developed by Adobe for creating and presenting 3D scenes. Adobe Substance3D-Stager suffers from a resource management error vulnerability that originates from the continued use of memory after it has been freed. An attacker can...
Adobe ColdFusion Improper Authorization Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an improper authorization vulnerability that stems from the system failing to properly process authorization requests. An attacker could exploit the vulnerabili...
SAP Supplier Relationship Management Input Validation Error Vulnerability
SAP Supplier Relationship Management is supplier relationship management software developed by SAP Germany. An input validation error vulnerability exists in SAP Supplier Relationship Management, which stems from the use of a deprecated Java applet component that can be exploited by an attacker...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability
SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...
SAP Supplier Relationship Management Information Disclosure Vulnerability
SAP Supplier Relationship Management is supplier relationship management software developed by SAP Germany. An information disclosure vulnerability exists in SAP Supplier Relationship Management, which stems from the use of a deprecated Java applet component, and can be exploited by an attacker...
SAP NetWeaver Visual Composer Metadata Uploader Deserialization Vulnerability
SAP NetWeaver Visual Composer Metadata Uploader is a component in SAP NetWeaver for uploading metadata. A deserialization vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader that originates from deserializing malicious content, which can be exploited by an attacker to cause a...
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an improper access control vulnerability that stems from the system failing to properly restrict access to the file system. No details of the vulnerability are...
SAP Data Services Management Console Cross-Site Scripting Vulnerability
SAP Data Services Management Console is a console for managing and monitoring data services. A cross-site scripting vulnerability exists in SAP Data Services Management Console that stems from the system failing to adequately encode user-controlled input. An attacker could exploit the vulnerabili...
IBM Semeru Runtime Denial of Service Vulnerability
IBM Semeru Runtime is an open source Java runtime environment provided by IBM, based on the Eclipse Adoptium project. It supports a variety of operating systems and architectures and provides a high-performance, high-reliability platform for running Java applications. A denial of service...
TOTOLINK A3002R and A3002RU Buffer Overflow Vulnerability (CNVD-2025-11997)
TOTOLINK A3002R and A3002RU are two high-performance dual-band wireless routers. A buffer overflow vulnerability exists in the TOTOLINK A3002R and A3002RU. The vulnerability is related to /boafrm/formFilter and is due to a failure to properly validate the ip6addr parameter entered by the user. An...
Adobe ColdFusion Command Injection Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from a command injection vulnerability due to the system failing to properly neutralize or filter specific elements when processing certain input. An attacker could...
Adobe Dimension Out-of-Bounds Write Vulnerability
Adobe Dimension is an application for 3D design and rendering. An out-of-bounds write vulnerability exists in Adobe Dimension. The vulnerability is due to a component of the program failing to properly manage memory boundaries when processing specific input. An attacker could exploit the...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co.
Founded in 2010, Beijing Divine Vision Han Technology Co., Ltd. is an information technology product and solution provider focusing on the fields of intelligent hospitals, commercial intelligent screens, intelligent education and so on. A SQL injection vulnerability exists in the remote medical...
File Upload Vulnerability in MetaCRM of Beijing Meta Software Technology Co.
MetaCRM6 is a customer relationship management system. A file upload vulnerability exists in MetaCRM, which can be exploited by attackers to upload malicious files and gain server privileges...
SQL Injection Vulnerability in the ERP System of Shanghai Qiwang Information Technology Co.
Ltd. is a company that specializes in providing high-end intelligent manufacturing management solutions for the packaging and printing industry. Ltd. ERP system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Adobe Connect Cross-Site Scripting Vulnerability
Adobe Connect is a versatile online meeting and collaboration tool from Adobe for digital training, webinars and team collaboration. A cross-site scripting vulnerability exists in Adobe Connect. The vulnerability is due to Adobe Connect failing to effectively escape and filter user-supplied input...