Microsoft Windows Telephony Service Remote Code Execution Vulnerability (CNVD-2025-07784)

Microsoft Windows Telephony Service is based on IBinder to provide phone status and telephony services. A remote code execution vulnerability exists in Microsoft Windows Telephony Service, which can be exploited by an attacker to execute code on the target host...

Microsoft Windows Hello Security Feature Bypass Vulnerability (CNVD-2025-07780)

Microsoft Windows Hello is a more personalized and secure way to sign in to your Windows device. A security feature bypass vulnerability exists in Microsoft Windows Hello, which can be exploited by an attacker to bypass certain features...

Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability (CNVD-2025-07779)

The Microsoft Windows DWM Core Library is a core library in the Windows operating system. An elevation of privilege vulnerability exists in Microsoft Windows DWM Core Library, which can be exploited by an attacker to elevate privileges...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-10511)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Office Elevation of Privilege Vulnerability (CNVD-2025-10662)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has an elevation of privilege vulnerability that can be exploited by an attacker to elevat...

Microsoft Office Code Execution Vulnerability (CNVD-2025-10659)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

Microsoft Office Code Execution Vulnerability (CNVD-2025-10658)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Office Code Execution Vulnerability (CNVD-2025-10657)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

Microsoft Office Code Execution Vulnerability (CNVD-2025-10614)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

phpIPAM cross-site scripting vulnerability (CNVD-2025-06929)

phpIPAM is phpIPAM open source set of open source PHP and MySQL based IP address management application IPAM. phpIPAM suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-10609)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-10610)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Office Elevation of Privilege Vulnerability (CNVD-2025-10661)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has an elevation of privilege vulnerability that can be exploited by an attacker to elevat...

Microsoft Windows Telephony Service Remote Code Execution Vulnerability

Microsoft Windows Telephony Service is based on IBinder to provide phone status and telephony services. A remote code execution vulnerability exists in Microsoft Windows Telephony Service, which can be exploited by an attacker to remotely execute code...

Microsoft Office Code Execution Vulnerability (CNVD-2025-10660)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2025-23058)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a remote code execution vulnerability that is caused by a type confusion flaw. An attacker could exploit the vulnerability to execute arbitrary...

Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2025-10035)

Apache OFBiz is the United States Apache Apache Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. A cross-site scripting vulnerability exists in Apache OFBiz versions prior to 18.12.19, which stems from th...

Microsoft Edge for iOS Spoofing Vulnerability (CNVD-2025-23060)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for iOS has a spoofing vulnerability that can be exploited by attackers to conduct content spoofing attacks...

Patient Record Management System dental_form.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the validation of externally entered SQL statements that are missing from parameter itrno in the dentalform.php file. An attacke...

Microsoft Edge for iOS Spoofing Vulnerability (CNVD-2025-23061)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for iOS has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...

Online Fire Reporting System /edit-guard-detail.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the validation of externally entered SQL statements that are missing from the editid parameter of the edit-guard-detail.php file. An...

e-Diary Management System search-result.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the searchdata parameter of the search-result.php file. An attacker ca...

Zoo Management System aboutus.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter pagetitle of the aboutus.php file. An attacker can exploit this vulnerability to execu...

Online Fire Reporting System search.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the searchdata parameter of the /admin/search.php file. An attacker can us...

Restaurant Table Booking System edit-subadmin.php file SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter fullname of the edit-subadmin.php file. An attacke...

Patient Record Management System add_patient.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the validation of externally entered SQL statements that are missing from the parameter itrno in the addpatient.php file. An...

Patient Record Management System xray_print.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter itrno of the xrayprint.php file. The vulnerability ca...

e-Diary Management System login.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the logindetail parameter of the login.php file. An attacker can...

e-Diary Management System registration.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally typed SQL statement in the emailid parameter of the registration.php file. An attacker can...

Restaurant Table Booking System add-subadmin.php File SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter fullname of the add-subadmin.php file. An attacker...

e-Diary Management System password-recovery.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter username/contactno of the password-recovery.php file. An...

e-Diary Management System dashboard.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category of the dashboard.php file. An attacker can...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24454)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability (CNVD-2025-07782)

The Microsoft Windows DWM Core Library is a core library in the Windows operating system. An elevation of privilege vulnerability exists in Microsoft Windows DWM Core Library, which can be exploited by an attacker to elevate privileges...

Hospital Management System doctor-specilization.php File SQL Injection Vulnerability

Hospital Management System a hospital management system. The Hospital Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter doctorspecilization of the file /admin/doctor-specilization.php. An...

Apache Answer Information Disclosure Vulnerability

Apache Answer is a community platform of the Apache USA Foundation. An information disclosure vulnerability exists in Apache Answer 1.4.2 and earlier versions, which stems from a public method returning a private data structure, and can be exploited by an attacker to cause IP address disclosure...

MongoDB Server Denial of Service Vulnerability (CNVD-2025-15801)

MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A denial of service vulnerability exists in MongoDB Server. The vulnerability...

D-Link DI-8100 ipsec_road_asp function buffer overflow vulnerability

The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 16.07.26A1, which originates from the hostip parameter in the ipsecroadasp function failing to proper...

D-Link DI-8100 ipsec_net_asp function buffer overflow vulnerability

The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 16.07.26A1, which originates from the failure of the remoteip parameter in the ipsecnetasp function t...

StudentServlet-JSP Cross-Site Scripting Vulnerability

StudentServlet-JSP is a student course grades teacher information management system . StudentServlet-JSP has a cross-site scripting vulnerability , the vulnerability stems from the parameter Name on the user-supplied data lack of effective filtering and escaping , an attacker to exploit the...

ForestBlog keywords parameter cross-site scripting vulnerability

ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...

e-Diary Management System edit-category.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the Category parameter of the edit-category.php?id=8 file. An attacker ca...

College Management System File Upload Vulnerability

College Management System is a simple program. It is used to keep track of students, teachers, subjects, schedules and all things related to college. A file upload vulnerability exists in College Management System version 1.0, which stems from the lack of valid validation of the uploaded file by...

Microsoft Windows DWM Core Library Elevation of Privilege Vulnerability (CNVD-2025-07781)

The Microsoft Windows DWM Core Library is a core library in the Windows operating system. An elevation of privilege vulnerability exists in Microsoft Windows DWM Core Library, which can be exploited by an attacker to elevate privileges...

Google Chrome Security Bypass Vulnerability (CNVD-2025-10925)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in Autofill. An attacker can exploit the vulnerability to bypass security restrictions...

Google Chrome Security Bypass Vulnerability (CNVD-2025-10927)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in Custom Tabs. An attacker can exploit the vulnerability to bypass security restrictions...

Google Chrome Security Bypass Vulnerability (CNVD-2025-10926)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in Downloads. An attacker can exploit the vulnerability to bypass security restrictions...

Patient Record Management System birthing_form.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter birthid of the /birthingform.php file...

Patient Record Management System birthing_print.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the validation of externally entered SQL statements that is missing from the parameter itrno in the birthingprint.php file. The...

Patient Record Management System birthing_pending.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the birthingpending.php file's parameter birthid. An attacker can...