130931 matches found
Adobe FrameMaker Out-of-Bounds Write Vulnerability (CNVD-2025-07244)
Adobe FrameMaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. An out-of-bounds write vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to execute...
Adobe FrameMaker heap buffer overflow vulnerability (CNVD-2025-07243)
Adobe FrameMaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. A heap buffer overflow vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to execute...
Adobe FrameMaker Integer Latent Vulnerability
Adobe FrameMaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. Adobe FrameMaker suffers from an integer latency vulnerability that can be exploited by an attacker to execute...
SAP Commerce Cloud Information Disclosure Vulnerability (CNVD-2025-07505)
SAP Commerce Cloud is a set of cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud, which can be exploited by an attacker t...
SAP ERP BW Business Content Code Injection Vulnerability
SAP ERP BW Business Content is a cloud-based e-commerce platform that helps companies create a personalized and seamless buying experience for their customers. SAP ERP BW Business Content suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code...
SAP Capital Yield Tax Management Directory Traversal Vulnerability
SAP Capital Yield Tax Management is a tool for capital gains tax calculation, reporting and compliance management from SAP. A directory traversal vulnerability exists in SAP Capital Yield Tax Management, which can be exploited by an attacker to submit a special request to view the contents of...
HDF5 H5FL__blk_gc_list Function Heap Use-After-Free Vulnerability
HDF5 (Hierarchical Data Format version 5) is an open source library and file format for storing and organizing large amounts of data. The HDF5 H5FL__blk_gc_list function has a heap use-after-free vulnerability that can be exploited by an attacker to cause out-of-bounds reads and potentially crash an...
YzmCMS Cross-Site Scripting Vulnerability
YzmCMS is an open source CMS Content Management System. A cross-site scripting vulnerability exists in YzmCMS. The vulnerability stems from improper handling of the gourl parameter in message.tpl, which can be exploited by attackers to cause cross-site scripting attacks...
Adobe Animate heap buffer overflow vulnerability (CNVD-2025-07246)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Animate memory misreference vulnerability (CNVD-2025-07245)
Adobe Animate is Flash animation software from the American company Adobe. Adobe Animate suffers from a memory misreference vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...
Command Execution Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2025-07886)
e-cology is an enterprise-level collaborative office automation system that provides comprehensive informatization solutions mainly for medium and large enterprises. It is characterized by intelligence, platform and full digitalization, aiming to improve the efficiency and management level of the...
Adobe ColdFusion Deserialization Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. Adobe ColdFusion suffers from a deserialization vulnerability, which occurs because the program lacks strict validation when processing externally supplied serialized data. The...
Adobe ColdFusion OS Command Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an OS command injection vulnerability that can be exploited by an attacker to...
Dell PowerScale OneFS Authorization Logic Error Vulnerability
PowerScale OneFS is a distributed storage operating system developed by Dell to provide unified file system management and high availability services for enterprise-class storage environments. Dell PowerScale OneFS suffers from an authorization logic error vulnerability that stems from not proper...
Adobe FrameMaker Out-of-Bounds Write Vulnerability (CNVD-2025-07241)
Adobe FrameMaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. An out-of-bounds write vulnerability exists in Adobe FrameMaker, which can be exploited by an attacker to execute...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2025-07248)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability that can be exploited by an attacker to...
Adobe ColdFusion Access Control Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an access control vulnerability that can be exploited by an attacker to read...
IBM TXSeries for Multiplatforms Cross-Site Request Forgery Vulnerability
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM), designed to support distributed transaction processing on multiple platforms. A cross-site request forgery vulnerability exists in IBM TXSeries for Multiplatforms,...
HDF5 H5FS__sinfo_serialize_sect_cb function buffer overflow vulnerability
HDF5 (Hierarchical Data Format version 5) is an open source library and file format for storing and organizing large amounts of data. A buffer overflow vulnerability exists in the HDF5 H5FS__sinfo_serialize_sect_cb function. The vulnerability stems from the function failing to properly check buffer...
PCMan FTP Server ENC Command Buffer Overflow Vulnerability
PCMan FTP Server is open source FTP software from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability, which originates from the ENC Command Handler, that can be exploited by an attacker to submit a special request that can crash the application and cause a denial of service...
PCMan FTP Server EPRT Command Buffer Overflow Vulnerability
PCMan FTP Server is open source FTP software from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability, which originates from the EPRT Command Handler, that can be exploited by an attacker to submit a special request resulting in a denial of service...
Langflow Remote Code Execution Vulnerability
Langflow is an open source visual framework for building multi-agent and RAG applications. A remote code execution vulnerability exists in Langflow that can be exploited by an attacker to send a crafted HTTP request to execute arbitrary code...
Adobe ColdFusion Authorization Issue Vulnerability (CNVD-2025-09272)
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an authorization issue vulnerability. The vulnerability stems from the failure to...
TOTOLINK X18 Code Execution Vulnerability
The TOTOLINK X18 is a gigabit router from China's Gion Electronics. A code execution vulnerability exists in the TOTOLINK X18. The vulnerability stems from sub410E54 in cstecgi.cgi and can be exploited by an attacker to execute arbitrary commands...
Comfast CF-616AC V2 of Shenzhen Sihai Zonglian Network Technology Co., Ltd. suffers from logic flaw vulnerability
Comfast CF-616AC V2 is a wireless router. Comfast CF-616AC V2 has a logic flaw vulnerability that can be exploited by an attacker to cause a denial of service...
Adobe Framemaker Null Pointer Dereference Vulnerability
Adobe Framemaker is a page layout software for writing and editing large or complex documents. A null pointer dereference vulnerability exists in Adobe Framemaker. The vulnerability originates from a null pointer dereference operation. An attacker could exploit this vulnerability to crash the...
Adobe After Effects Out-of-Bounds Write Vulnerability (CNVD-2025-12335)
Adobe After Effects is a professional software for creating motion graphics, visual effects and moving images. An out-of-bounds write vulnerability exists in Adobe After Effects. The vulnerability stems from the program failing to properly handle memory boundaries, resulting in data being written...
Adobe Framemaker heap buffer overflow (CNVD-2025-09271)
Adobe FrameMaker is page layout software from the US company Adobe for writing and editing large or complex documents, including structured documents. Adobe FrameMaker suffers from a heap buffer overflow vulnerability that stems from insufficient bounds checking,...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. An input validation error vulnerability exists in Adobe ColdFusion that stems from a failure to...
Improper Access Control Vulnerability in Tenda FH1202 (CNVD-2025-07508)
The Tenda FH1202 is a wireless router from China's Tenda. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from an improper access control issue in the /goform/qossetting file, which could lead to unauthorized access or modification. An attacker could u...
Adobe Media Encoder Heap Buffer Overflow Vulnerability (CNVD-2025-12336)
Adobe Media Encoder is an audio and video encoding application from the American company Adobe. A security vulnerability exists in Adobe Media Encoder version 25.1 and versions 24.6.4 and earlier, which stems from a heap buffer overflow vulnerability that could lead to arbitrary code...
Wyse Management Suite Denial of Service Vulnerability
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints, including centralized management of Wyse endpoints, asset tracking and automated device discovery from Dell. A denial of service vulnerability exists in Wyse Management Suite for Dell. The vulnerability stems...
Adobe Photoshop Desktops Heap Buffer Overflow Vulnerability
Adobe Photoshop is image processing software from the American company Adobe. The software is mainly used for processing pictures. A heap buffer overflow vulnerability exists in Adobe Photoshop Desktops. The vulnerability is due to a failure to perform strict checks on memory...
AC1206 Buffer Overflow Vulnerability (CNVD-2025-07591) in Shenzhen Jixiang Tengda Technology Co.
Shenzhen Jixiang Tengda Technology Co., Ltd AC1206 is a high-performance wireless router designed for 200M and above broadband users. A buffer overflow vulnerability exists in the Shenzhen Jixiang Tengda Technology Company Limited AC1206. The vulnerability stems from the formfastsettingwifiset...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10874)
PCMan FTP Server is open source FTP server software from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from an unknown feature in the EPSV command processor. No detailed vulnerability details are provided at this time...
Huawei HarmonyOS Memory Write Privilege Bypass Vulnerability
Huawei HarmonyOS is a new distributed operating system developed by Huawei for the Internet of Everything era. It aims to provide a unified operating platform for multiple devices, breaking the device limitations of traditional operating systems and creating a cross-device, cross-platform...
Unauthorized Access Vulnerability in H3C M60 of Xinhua San Technologies Co.
H3C M60 is a new generation of enterprise-grade, high-performance wireless AP manager from Xinhua San. An unauthorized access vulnerability exists in the H3C M60 of Xinhua San Technologies, which can be exploited by attackers to obtain sensitive information...
SQL injection vulnerability in CRM of Zhengzhou Jane Xin Software Technology Co.
Zhengzhou Jane Xin Software Technology Co., Ltd. is a professional enterprise management platform and ecological enterprise service provider in China, focusing on marketing, consulting, research, implementation, training and service of enterprise-level management software CRM/HRM/OA/ERP, etc., and is committed to providing one-stop digital...
SQL Injection Vulnerability in Family Service Management Cloud Platform of Wuhan Jin Tongfang Technology Co.
Wuhan Jin Tongfang Technology Co., Ltd. is a company that provides informatization solutions for the mother and child service industry. There is a SQL injection vulnerability in the family service management cloud platform of Wuhan Jin Tongfang Technology Co., Ltd., which can be exploited by...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05133)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability due to .zip files being processed through TryZipProviderSafe, which can be exploited by an attacker to cause the creation of files with other extensions...
TOTOLINK A6000R Command Injection Vulnerability
The TOTOLINK A6000R is a high performance wireless router. A command injection vulnerability exists in TOTOLINK A6000R. The vulnerability stems from the mishandling of the apclicancelwps function, and no detailed vulnerability details are provided at this time...
Tenda FH1202 Improper Access Control Vulnerability
The Tenda FH1202 is a wireless router manufactured by Tenda in China. An improper access control vulnerability exists in the Tenda FH1202. The vulnerability stems from improper access control due to the handling of the file /goform/wrlwpsset. An attacker can exploit this vulnerability to launch a...
AC23 Denial of Service Vulnerability in Shenzhen Jixiang Tengda Technology Co.
The AC23 is a wireless router that provides high-speed wireless network connectivity. A denial of service vulnerability exists in the AC23 of Shenzhen Jixiang Tengda Technology Co. The vulnerability stems from improper handling of the getuid parameter by the /goform/VerAPIMant component. An...
Dell PowerProtect Data Domain Access Control Vulnerability
Dell PowerProtect Data Domain is a data protection storage appliance from Dell Technologies, built on the Data Domain platform and designed for building a resilient foundation for networks and enabling rapid data recovery. An access control vulnerability exists in Dell PowerProtect Data Domain,...
Tenda AC10 Stack Overflow Vulnerability
The Tenda AC10 is a home wireless router that provides wireless network connectivity and management. A stack overflow vulnerability exists in the Tenda AC10. The vulnerability stems from the improper handling of the list parameter in the ShutdownSetAdd function in the /goform/ShutdownSetAdd file...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-10608)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Bus Pass Management System view-pass-detail.php File SQL Injection Vulnerability
Bus Pass Management System is a bus pass management system. Bus Pass Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the viewid parameter of the view-pass-detail.php file. An attacker can exploit this...
Microsoft Windows USB Print Driver Elevation of Privilege Vulnerability
Microsoft Windows USB Print Driver is a USB printer device driver provided by Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows USB Print Driver, which can be exploited by an attacker to elevate privileges...
Microsoft Visual Studio Elevation of Privilege Vulnerability
Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. An elevation of privilege vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to elevate...