Google Chrome Resource Management Error Vulnerability (CNVD-2025-09155)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from a use-after-free issue. An attacker can exploit it by submitting a specially crafted Web request and tricking the user into parsing it...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09147)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to cause remote code execution...
SonicWall NetExtender Windows client elevation of privilege vulnerability
SonicWall NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from SonicWALL USA. An elevation of privilege vulnerability exists in SonicWall NetExtender Windows client, which can be exploited by an attacker to elevate privileges and arbitrary file...
UFIDA Network Technology Corporation YonBIP Path Traversal Vulnerability
YonBIP is a new generation of products developed by UFIDA as the world's leading enterprise digital intelligence platform and application software. A path traversal vulnerability exists in YonBIP, which originates from improper handling of the parameter path in the file /mobsm/common/userfile,...
Command Execution Vulnerability in NX15000 of Xinhua San Technologies Co.
The NX15000 is a high-end router. A command execution vulnerability exists in the NX15000 of Xinhua San Technologies Limited, which can be exploited by an attacker to execute arbitrary commands...
Cisco Secure Network Analytics Data Forgery Issue Vulnerability
Cisco Secure Network Analytics is a network security solution designed to provide enterprise-wide network visibility and advanced threat detection and response capabilities. Cisco Secure Network Analytics is vulnerable to a data forgery issue, which can be exploited by a remote attacker to submit...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09149)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to cause remote code execution...
NETGEAR WNR854T addmap_exec function command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the addmap_exec function failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit this...
NETGEAR WNR854T cmd.cgi file command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the cmd.cgi file failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit this vulnerability ...
NETGEAR WNR854T SetDefaultConnectionService Function Buffer Overflow Vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR WNR854T version 1.5.2, which is caused by the SetDefaultConnectionService function failing to properly validate the length of the input data, and can be exploited by a remote attacker to...
NETGEAR WNR854T parse_st_header function buffer overflow vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR WNR854T version 1.5.2, which is caused by the parse_st_header function failing to properly validate the length of the input data, and can be exploited by a remote attacker to execute arbitra...
NETGEAR WNR854T get_email Function Command Execution Vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of the get_email function of the post.cgi file failing to correctly filter for constructed command special characters, commands...
NETGEAR WNR854T pppoe_peer_mac function command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of the pppoe_peer_mac function of the post.cgi file failing to correctly filter for constructed command special characters,...
NETGEAR WNR854T wan_hostname function command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the nvram parameter of wan_hostname failing to properly filter special characters, commands, and other elements used to construct commands. An attacker can exploit...
Siemens TeleControl Server SQL Injection Vulnerability (CNVD-2025-09150)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that can be exploited by an attacker to bypass authorization controls and execute arbitrary code...
Wyse Management Suite WMS Authorization Issues Vulnerability
Wyse Management Suite WMS is a cloud and local management platform from Dell, USA. Wyse Management Suite WMS suffers from an authorization issue vulnerability that stems from insecure inherited permissions. No details of the vulnerability are provided at this time...
Wyse Management Suite Cross-Site Scripting Vulnerability
The Wyse Management Suite is a cloud and local management platform from Dell, USA. A cross-site scripting vulnerability exists in Wyse Management Suite that stems from improper input neutralization and can be exploited by an attacker to cause script injection...
NETGEAR WNR854T UPNP Service Buffer Overflow Vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. The NETGEAR WNR854T version 1.5.2 suffers from a buffer overflow vulnerability that originates from the UPNP service failing to properly validate the length of incoming data, which can be exploited by remote attackers to execute arbitrary cod...
Denial of Service Vulnerability in Fastfilm APP of Beijing Fastfilm Technology Co.
Fast Shadow App is a video shooting, video editing and video making tool. A denial-of-service vulnerability exists in the Fast Shadow APP of Beijing Racer Technology Company Limited, which can be exploited by attackers to cause a denial of service...
D-Link DI-8100 Router Stack Buffer Overflow Vulnerability
The D-Link DI-8100 is a broadband router from D-Link designed for small to medium sized network environments. A stack buffer overflow vulnerability exists in the D-Link DI-8100. The vulnerability stems from the authasp function in the /auth.asp file in the jhttpd component not effectively limitin...
Dell Common Event Enabler Unauthorized Access Vulnerability
Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler. The vulnerability stems from a communication channel that does not properly restrict the target endpoint, resulting in unauthorized access. An attacker could exploit...
Dell PowerProtect Cyber Recovery Information Disclosure Vulnerability
Dell PowerProtect Cyber Recovery is a cyber security solution for protecting and recovering critical data. An information disclosure vulnerability exists in Dell PowerProtect Cyber Recovery. The vulnerability stems from a failure to properly handle sensitive information and can be exploited by an...
Pimcore Admin Classic Bundle Cross-Site Scripting Vulnerability
Pimcore Admin Classic Bundle is an open-source core bundle of Pimcore. The Pimcore Admin Classic Bundle suffers from a cross-site scripting vulnerability that stems from HTML injection, which can be exploited by an attacker to steal session cookies...
Dell Common Event Enabler Unauthorized Access Vulnerability
Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler, which arises from the use of insecure default values when initializing resources, and can be exploited by an attacker to cause unauthorized access...
Samsung Galaxy Watch Improper Access Control Vulnerability
The Samsung Galaxy Watch is a smartwatch that offers a variety of features, including fitness tracking, notifications, and mobile payments. An Improper Access Control vulnerability exists in Samsung Galaxy Watch. The vulnerability stems from improper access control. An attacker could exploit the...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2025-12796)
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content...
Fortinet FortiSwitch Authorization Issues Vulnerability
Fortinet FortiSwitch is a network switch management tool from Fortinet. Fortinet FortiSwitch suffers from an authorization issue vulnerability that originates from an unauthenticated password change, which can be exploited by an attacker to cause the administrator password to be tampered wit...
Fortinet FortiIsolator Operating System Command Injection Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
Fortinet FortiAnalyzer Input Validation Error Vulnerability (CNVD-2025-12793)
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
Siemens SENTRON 7KT PAC1260 Data Manager Trust Management Issue Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A trust management issue vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which stems from the presence of hard-coded credentials that can be exploited by an...
Unspecified Vulnerability in Siemens SENTRON 7KT PAC1260 Data Manager (CNVD-2025-07815)
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A security vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager that stems from a web interface of the affected device that allows the login password to be changed...
Siemens SENTRON 7KT PAC1260 Data Manager Path Traversal Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. A path traversal vulnerability exists in Siemens SENTRON 7KT PAC1260 Data Manager, which arises from the program failing to correctly filter special elements in the path of a...
Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability (CNVD-2025-07812)
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. An access control error vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which originates from an unauthenticated report creation request, and can be exploite...
Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. An Access Control Error vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which originates from an unauthenticated SSH service enabled endpoint, and can be...
Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07810)
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not sanitizing the region parameter of a specific POST request,...
Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability (CNVD-2025-07809)
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not sanitizing the language parameter of a specific POST request,...
Siemens SENTRON 7KT PAC1260 Data Manager OS Command Injection Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. The Siemens SENTRON 7KT PAC1260 Data Manager suffers from an OS command injection vulnerability that stems from not sanitizing the input parameter of a specific GET request, whic...
Siemens License Server Privilege Mismanagement Vulnerability
Siemens License Server SLS is a tool from Siemens, Germany, for managing and distributing licenses for Siemens software products. A privilege mismanagement vulnerability exists in Siemens License Server that stems from not properly validating an executable file in an application folder, which can...
Adobe After Effects Null Pointer Dereference Vulnerability (CNVD-2025-07800)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects version 25.1 and...
Dell Client Platform BIOS Buffer Overflow Vulnerability
Dell Client Platform BIOS is a client platform BIOS from Dell USA. The Dell Client Platform BIOS suffers from a buffer overflow vulnerability that originates from an application boundary error when handling untrusted input. No vulnerability details are provided at this time...
Adobe XMP Toolkit Buffer Overflow Vulnerability (CNVD-2025-08786)
Adobe XMP Toolkit is a toolkit from the American company Adobe, used to integrate XMP functionality into a product or solution. Adobe XMP Toolkit has a buffer overflow vulnerability that originates from an out-of-bounds read, which can be exploited by an attacker to obtain sensitive...
Adobe Media Encoder Out-of-Bounds Write Vulnerability (CNVD-2025-08778)
Adobe Media Encoder is an audio and video encoding application from the American company Adobe. Adobe Media Encoder suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code...
Adobe Commerce Authorization Issues Vulnerability (CNVD-2025-08776)
Adobe Commerce is a business- and brand-oriented, globally leading digital commerce solution from the American company Adobe. Adobe Commerce has an authorization issue vulnerability that stems from improper authorization, and no detailed vulnerability details are available at...
Adobe Commerce Access Control Error Vulnerability (CNVD-2025-08775)
Adobe Commerce is a business- and brand-oriented, globally leading digital commerce solution from the American company Adobe. Adobe Commerce suffers from an Access Control Error vulnerability that stems from improper access control. No details of the vulnerability are available...
SAP Commerce Information Disclosure Vulnerability
SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. SAP Commerce suffers from an information disclosure vulnerability that originates from a coupon code being exposed in a URL parameter. An attacker could exploit this vulnerability to obtain and use the leaked coupon cod...
SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript. No details of the...
SAP NetWeaver Application Server Code Injection Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A code injection vulnerability exists in SAP NetWeaver Application Server, which arises from improper authentication checks, where an attacker constructs a malicious RFC request to a restricted target. The vulnerability...
Google Pixel out-of-bounds write vulnerability (CNVD-2025-09216)
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an out-of-bounds write vulnerability that stems from a missing bounds check in the tmusetcontroltempstep module of the tmu.c file, for which no details of the vulnerability are currently available...
Google Pixel Out-of-Bounds Read Vulnerability (CNVD-2025-09157)
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an out-of-bounds read vulnerability that stems from a lack of boundary checking in the TMUIPCGETTABLE module, which can be exploited by an attacker to obtain local information...
Adobe XMP Toolkit Buffer Overflow Vulnerability
Adobe XMP Toolkit is a toolkit from the American company Adobe. Adobe XMP Toolkit suffers from a buffer overflow vulnerability that originates from mishandling a malicious user-supplied file, causing the program to read memory data outside of boundaries, which can be exploited by an...