130931 matches found
Growatt Cloud Applications Security Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by unauthenticated attackers to send configuration settings and potentially perform physical...
Google Chrome OS Out-of-Bounds Write Vulnerability (CNVD-2025-09153)
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to bypass operating system authentication...
Google Chrome OS Out-of-Bounds Write Vulnerability (CNVD-2025-09154)
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to bypass operating system authentication...
Dell PowerScale OneFS Out-of-Bounds Write Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from an out-of-bounds write vulnerability that stems from an application boundary error when processing untrusted input. No detailed...
SAP NetWeaver Visual Composer Metadata Uploader File Upload Vulnerability
SAP NetWeaver Visual Composer Metadata Uploader is a tool for modeling assistance from SAP. A file upload vulnerability exists in SAP NetWeaver Visual Composer Metadata Uploader. The vulnerability is due to an unauthenticated agent uploading potentially malicious executable binaries because the...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-09030)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL Server, which stems from improper handling of the Server: DDL component and can be exploited by an...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-09010)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause a denial of service...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-09022)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL Server that originates from mishandling of the Server: Optimizer component, which can be exploited by...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability. The vulnerability stems from an under-restricted LLM request domain. An attacker can exploit the vulnerability to perform prompt injecti...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from not checking if a file has been deleted, which can be exploited by an attacker to cause a file metadata disclosure...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Improper Access Control vulnerability that stems from improper access control and can be exploited by an attacker to retrieve user activity logs...
Mattermost Authorization Issues Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from improper privilege validation, which can be exploited by an attacker to make unauthorized changes to the system administrato...
PyTorch Denial of Service Vulnerability (CNVD-2025-23353)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a denial of service vulnerability caused by a floating point exception in torch.nn.functional.ctcloss. An attacker can exploit this vulnerability to cause a denial of service...
Unspecified Vulnerability in Oracle MySQL (CNVD-2025-17362)
Oracle MySQL is an open source relational database management system. MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. A security vulnerability exists in MySQL Client for Oracle MySQL that originates from a...
Arbitrary File Read Vulnerability in Linkworks Collaborative Office Management Platform at Quanta Technology Co.
Linkworks Collaboration Management Platform is a collaborative office management platform designed to provide collaboration and information sharing among members of an organization. An arbitrary file read vulnerability exists in Linkworks Collaborative Office Management Platform of Quanta...
Tenda AC10 Buffer Overflow Vulnerability (CNVD-2025-08348)
The Tenda AC10 is a home wireless router that provides a stable and fast internet connection. A buffer overflow vulnerability exists in Tenda AC10. The vulnerability stems from the AdvSetMacMtuWan function not properly checking the length of the incoming data when processing the wanMTU2 parameter...
D-Link DIR-832x Command Injection Vulnerability
The D-Link DIR-832x is a wireless router from D-Link. A command injection vulnerability exists in the D-Link DIR-832x. The vulnerability stems from improper handling of the targetaddr key value and function 0x41710c. An attacker can exploit this vulnerability to execute arbitrary code...
D-Link DIR-832x Command Injection Vulnerability
The D-Link DIR-832x is a wireless router manufactured by D-Link. A command injection vulnerability exists in the D-Link DIR-832x. The vulnerability stems from improper handling of the targetaddr key value and function 0x41737c. An attacker can exploit this vulnerability to execute arbitrary code...
Apple MacOS Denial of Service Vulnerability
Apple MacOS is a graphical operating system developed by Apple Inc. for the Macintosh series of computers. Apple MacOS suffers from a denial of service vulnerability that originates from processing a file to cause a denial of service or disclose the contents of memory. An attacker could exploit t...
Apple MacOS Denial of Service Vulnerability (CNVD-2025-25572)
Apple MacOS is a graphical operating system developed by Apple Inc. for the Macintosh series of computers. Apple MacOS suffers from a denial of service vulnerability that originates from processing a file to cause a denial of service or disclose the contents of memory. An attacker could exploit t...
Apple MacOS Denial of Service Vulnerability (CNVD-2025-25573)
Apple MacOS is a graphical operating system developed by Apple Inc. for the Macintosh series of computers. Apple MacOS suffers from a denial of service vulnerability that originates from processing a file resulting in a denial of service or disclosure of memory contents. An attacker could exploit...
Apple MacOS Elevation of Privilege Vulnerability
Apple MacOS is a graphical operating system developed by Apple Inc. for the Macintosh series of computers. Apple MacOS suffers from an elevation of privilege vulnerability that can be exploited by attackers to cause a data leak...
Tenda W12/i24 cgiSysUplinkCheckSet Stack Overflow Vulnerability
The Tenda W12 and i24 are wireless routers manufactured by Tenda. A stack overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from improper handling of cgiSysUplinkCheckSet. An attacker can exploit this vulnerability to execute arbitrary code...
Tenda W12 and i24 cgiSysScheduleRebootSet Stack Overflow Vulnerability
The Tenda W12 and i24 are wireless routers made by Tenda. A stack overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from improper handling of the rebootDate parameter in the cgiSysScheduleRebootSet function in the /bin/httpd file. An attacker can exploit the...
NETGEAR R61 Buffer Overflow Vulnerability
The NETGEAR R61 is a wireless router from NETGEAR. The NETGEAR R61 suffers from a buffer overflow vulnerability that stems from improper handling of the QUERYSTRING key value, which can be exploited by an attacker to execute arbitrary code...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-129102)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-17363)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server that originates from improper handling of the Server: Options component and can be exploited by an attacker to cause a denial of service...
Unauthorized Access Vulnerability in the Integration Platform of Beijing UFIDA Government Affairs Software Co.
Beijing UFIDA Government Software Co., Ltd. is an all-round business management informatization solution provider for government departments, institutions and non-profit organizations. An unauthorized access vulnerability exists in the integration platform of Beijing UFIDA Government Affairs...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10862)
PCMan FTP Server is server software for the File Transfer Protocol (FTP). A buffer overflow vulnerability exists in PCMan FTP Server that stems from the MPUT Command Handler failing to properly process input data when processing a specific request. No detailed vulnerability details are available at...
Command Execution Vulnerability in YAPI of Shanghai Accenture Software Systems Co.
YAPI is an efficient, easy-to-use and powerful open source API management platform designed for developers, product and testers to provide elegant interface management services. A command execution vulnerability exists in YAPI of Shanghai Erlinger Software Systems Corporation, which can be...
Unauthorized Access Vulnerability in Unicom Software Technology Co.
Unisys Software Technology Co., Ltd. is a leading domestic operating system research and development enterprise in China. An unauthorized access vulnerability exists in Unixin Software Technology Co., Ltd.'s Write Online, which can be exploited by attackers to obtain sensitive information...
Dell ECS Information Disclosure Vulnerability
Dell ECS is an enterprise-class object storage solution from Dell Technologies. Dell ECS suffers from an information disclosure vulnerability that originates from the system failing to properly validate certificates. An attacker could exploit the vulnerability to cause an information disclosure...
Dell ECS Input Validation Error Vulnerability
Dell ECS is an enterprise-class object storage solution from Dell Technologies. Dell ECS suffers from an input validation error vulnerability that stems from the system failing to properly process specific inputs. No details of the vulnerability are provided at this time...
Dell Alienware Command Center Access Control Error Vulnerability
Dell Alienware Command Center is a package manager from Dell USA. An Access Control Error vulnerability exists in Dell Alienware Command Center that stems from improper access control. An attacker could exploit the vulnerability to elevate privileges...
Delta Electronics COMMGR Code Execution Vulnerability
Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...
Unspecified Vulnerability in JetBrains RubyMine
JetBrains RubyMine is an integrated development environment (IDE) for Ruby development, providing code editing, debugging, and more. JetBrains RubyMine suffers from a security vulnerability that originates from a remote interpreter overriding the port that listens to all interfaces. An attacker can...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08370)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an SQL injection in the CreateLog method, which can be exploited by an attacker to bypass authorization...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08365)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from an SQL injection in the GetTraces method, which can be exploited by an attacker to bypass authorization controls a...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08362)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method GetActiveProjects, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08359)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method LockProjectUserRights, which can be exploited by an attacker to bypass authorization...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08358)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateConnectionVariables, which can be exploited by an attacker to...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08352)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateTcmSettings, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08351)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateSmtpSettings, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability
TeleControl Server Basic is a server software for remote monitoring and control, widely used in industrial automation. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from the internal use of the LockProjectCrossCommunications method that fails to properly...
Siemens TeleControl Server Basic SQL Injection Vulnerability
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method UpdateBufferingSettings, which can be exploited by an attacker to bypa...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08620)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, UnlockProject, which can be exploited by an attacker to bypass authorization controls an...
WordPress Attendance Manager Stored Cross-Site Scripting Vulnerability
Attendance Manager is a WordPress plugin for managing attendance records. WordPress Attendance Manager suffers from a stored cross-site scripting vulnerability that stems from insufficient neutralization of input during page generation. No details of the vulnerability are provided at this time...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08618)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method, UnlockProjectUserRights, which can be exploited by an attacker to bypass authorization...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08617)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from an SQL injection vulnerability that originates from an internal method UpdateConnectionVariablesWithImport, which can be exploited by an attacker to bypass...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-08615)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from a SQL injection in the internal method GetConnectionVariables, which can be exploited by an attacker to bypas...