IBM SPSS Statistics Encryption Problem Vulnerability
IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc. It is used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
JetBrains GoLand Code Issue Vulnerability
JetBrains GoLand is an intelligent IDE (Integrated Development Environment) dedicated to Go language development from the Czech company JetBrains. A code issue vulnerability exists in JetBrains GoLand that stems from a networked system or product that does not have the correct filters set up ...
AC8 Buffer Overflow Vulnerability (CNVD-2025-07594) in Shenzhen Jixiang Tengda Technology Co.
Shenzhen Jixiang Tengda Technology Co., Ltd AC8 is a wireless router. Shenzhen Jixiang Tengda Technology Co., Ltd AC8 has a buffer overflow vulnerability, which stems from the sub47D878 function failing to correctly validate the length of the input data in its src parameter. An attacker...
GPT Academic path traversal vulnerability (CNVD-2025-22731)
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a path traversal vulnerability that can be exploited by an attacker to disclose sensitive information...
GPT Academic crazy_utils.get_files_from_everything function server-side request forgery vulnerability
GPT Academic is an interface that provides pragmatic interactions for large language models (LLMs) such as GPT/GLM. A server-side request forgery vulnerability exists in the GPT Academic crazy_utils.get_files_from_everything function, which can be exploited by an attacker to cause unauthorized access to...
Doctor Appointment Management System check-appointment.php File SQL Injection Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata of /check-appointment.php. A...
ChuanhuChatGPT Access Control Error Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An access control error vulnerability exists in ChuanhuChatGPT version 20240802, which stems from improper handling of session data and lack ...
LibreChat Improper Access Control Vulnerability
LibreChat is an enhanced ChatGPT clone. LibreChat suffers from an Improper Access Control vulnerability that can be exploited by an attacker to corrupt application logic and permissions and allow unauthorized operations...
SAP Just In Time Elevation of Privilege Vulnerability
SAP Just In Time is an application from SAP Germany designed to enable efficient demand-driven production and logistics throughout the supply chain. An elevation of privilege vulnerability exists in SAP Just In Time, which stems from the OData service not performing the necessary privilege checks...
Pimcore SQL Injection Vulnerability
Pimcore is an open source data and experience management platform. A SQL injection vulnerability exists in Pimcore. The vulnerability stems from the fact that an authenticated user can construct filter strings that lead to SQL injection, which can be exploited by an attacker to execute arbitrary...
SQL Injection Vulnerability in UFIDA U8 CRM at UFIDA Network Technology Co.
UFIDA U8 CRM is a customer relationship management solution from UFIDA. A SQL injection vulnerability exists in UFIDA U8 CRM, which can be exploited by attackers to obtain sensitive information from the database...
Moodle Cross-Site Scripting Vulnerability (CNVD-2025-09240)
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from insufficient cleanup and leads to a cross-site scripting...
Moodle Permission Issues Vulnerability (CNVD-2025-10589)
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A permission issue vulnerability exists in Moodle. The vulnerability stems from a permission check that does not properly consider grouping...
Mattermost Desktop App Permission Misconfiguration Vulnerability
Mattermost Desktop App is a cross-platform desktop collaboration tool based on the Electron framework, supporting Windows, macOS and Linux systems, designed for team collaboration. A privilege misconfiguration vulnerability exists in Mattermost Desktop App. The vulnerability stems from declaring...
Zoom Workplace App for iOS Denial of Service Vulnerability
Zoom Workplace App for iOS is an AI-first collaboration platform from Zoom Communications designed for iOS devices. A denial of service vulnerability exists in Zoom Workplace App for iOS, which stems from a misordered behavioral sequence, and can be exploited by an attacker to cause a denial of...
Moodle Cross-Site Scripting Vulnerability
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from insufficient cleanup and leads to a cross-site scripting...
Binary Vulnerability in H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technology Co.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A binary vulnerability exists in the H3C Magic R3000 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technologies Limited, which can be exploited by attackers to bypass login restrictions...
GeoVision ASManager Windows Application Credentials Disclosure Vulnerability
GeoVision ASManager (GV-ASManager) is an access control system developed by the Chinese company GeoVision. A credential disclosure vulnerability exists in the GeoVision ASManager Windows Application due to improper memory handling in the ASManagerService.exe process. An attacker can exploit this...
Bank Locker Management System edit-subadmin.php?said=3 File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability: incorrect manipulation of the parameter mobilenumber in the /edit-subadmin.php?said=3 file can lead to SQL injection. No details of the...
GNU GRUB Buffer Overflow Vulnerability (CNVD-2025-08311)
GNU GRUB is a Linux system boot program from the GNU community. A buffer overflow vulnerability exists in GRUB. The vulnerability stems from the fs/hfs module containing an integer overflow issue that results in heap-based out-of-bounds writes. An attacker can exploit this vulnerability to execut...
IIOP Deserialization Remote Code Execution Vulnerability in Kingdee Apusic Application Server of Kingdee Software (China) Co.
Kingdee Apusic Application Server (AAS) is enterprise-level middleware that fully supports the Jakarta EE specification, provides Web, EJB, and WebService containers, adapts to domestic hardware and software, and is used to support the operation of enterprise-level applications. A remote code...
Vercel Next.js Privilege Bypass Vulnerability
Next.js is an open source React framework from Vercel. Vercel Next.js suffers from a privilege bypass vulnerability: if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...
Cisco IOS XR Data Forgery Issue Vulnerability
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. Cisco IOS XR suffers from a data forgery vulnerability that stems from insufficient module validation during software loading, which could be exploited by an attacker to launch...
Schneider Electric EcoStruxure Power Automation System User Interface Authorization Issue Vulnerability
Schneider Electric EcoStruxure Power Automation System User Interface is user interface software for power automation systems from Schneider Electric, France. It is used by operators to interact with the power automation system to improve operational efficiency. The Schneider...
Tenda RX3 Buffer Overflow Vulnerability
Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. The Tenda RX3 suffers from a buffer overflow vulnerability, which originates from the firewallEn parameter in /goform/SetFirewallCfg that fails ...
Open5GS Denial of Service Vulnerability (CNVD-2025-08793)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to send a switching request to cause the AMF to crash, resulting in a denial of...
Dell NetWorker Open Redirect Vulnerability
Dell NetWorker is an application from Dell USA Inc. that provides forum discussion features for Dell Inc. Dell NetWorker suffers from an open redirection vulnerability that stems from the system not handling target jumps appropriately; no details of the vulnerability are available at this time...
Google Chrome Resource Management Error Vulnerability (CNVD-2025-06054)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a resource management error vulnerability that can be exploited by an attacker to execute arbitrary code...
JetBrains Runtime Code Issue Vulnerability
JetBrains Runtime (JBR) is a runtime environment based on OpenJDK, designed specifically for JetBrains products, from the Czech company JetBrains. It is used to run JetBrains platform products and to provide an optimized Java running experience. JetBrains Runtime has a code issue vulnerability that originates from ...
Cisco IOS XR Input Validation Error Vulnerability (CNVD-2025-15799)
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. A security vulnerability exists in Cisco IOS XR that stems from the incorrect handling of malformed IPv4 packets, which can be exploited by an attacker to cause a line card reset,...
Unspecified Vulnerability in JetBrains Ktor
JetBrains Ktor is a web framework for building asynchronous servers and clients in Kotlin from the Czech company JetBrains. It is used to create microservices, web applications, etc., and to build RESTful APIs. JetBrains Ktor suffers from a security vulnerability that stems from the occurrence of an HTTP...
Tenda W18E wifiPwd Stack Overflow Vulnerability
The Tenda W18E is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda W18E /goform/setModules handling of the wifiPwd parameter, which can be exploited by an attacker to submit a special request that can crash the application and cause a denial of...
Tenda W18E wifiSSID stack overflow vulnerability
The Tenda W18E is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda W18E /goform/setModules handling of the wifiSSID parameter, which can be exploited by an attacker to submit a special request that can crash the application and cause a denial of...
Tenda RX3 SetPptpServerCfg Buffer Overflow Vulnerability
Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. The Tenda RX3 suffers from a SetPptpServerCfg buffer overflow vulnerability, which originates from the startIp and endIp parameters in...
Delta Electronics CNCSoft-G2 Input Validation Error Vulnerability
Delta Electronics CNCSoft-G2 is human-machine interface (HMI) software from Delta Electronics, China. An input validation error vulnerability exists in Delta Electronics CNCSoft-G2 version 2.1.0.16 and prior versions, which can be exploited by an attacker to execute code in the current process...
Binary Vulnerability in NX15 of Xinhuanet Technologies Ltd.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A binary vulnerability exists in NX15 of Xinhua San Technologies Limited, which can be exploited by attackers to gain control of a server...
Open Panel Elevation of Privilege Vulnerability
Open Panel is an open source game server control panel. An elevation of privilege vulnerability exists in Open Panel. An attacker can exploit this vulnerability to escalate privileges via the Fix Privileges feature...
Command Execution Vulnerability in MaxKB at Hangzhou Feizhiyun Information Technology Co.
MaxKB is an open source knowledge base Q&A system based on large language models and RAG from Hangzhou Feizhiyun Information Technology Co. MaxKB has a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands...
SAP Netweaver Application Server ABAP Information Disclosure Vulnerability
SAP Netweaver Application Server ABAP is a core component of the SAP system, responsible for business processing and data interaction. An information disclosure vulnerability exists in SAP Netweaver Application Server ABAP, which stems from failure to perform required authorization checks and can...
SAP BusinessObjects Business Intelligence Platform Code Injection Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...
Blind SQL Injection Vulnerability in ChurchCRM FRBidSheets.php Page
ChurchCRM is an open source church management system. ChurchCRM suffers from a blind SQL injection vulnerability that stems from a time-based SQL blind injection vulnerability in the CurrentFundraiser GET parameter of the FRBidSheets.php page. An attacker can exploit this vulnerability to perform...
Fortinet FortiManager and Fortinet FortiManager Cloud Command Injection Vulnerabilities
Fortinet FortiManager and Fortinet FortiManager Cloud are both centralized network security management platforms from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify...
SAP NetWeaver Application Server Java Authorization Issues Vulnerability
SAP NetWeaver Application Server Java is an application server from SAP. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java, which arises from the program not properly checking the authorization of the service endpoint; no details of the vulnerability are availab...
SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability (CNVD-2025-07611)
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. An information disclosure vulnerability exists in SAP BusinessObjects Business Intelligence Platform, which can be exploited by an attacker to hijack a session, access and modify sensitive data ...
Zoom Workplace Use-After-Free Vulnerability
Zoom Workplace is an AI-first collaboration platform from Zoom that integrates core features such as team communication, meetings, document collaboration, and a built-in AI Companion smart assistant to boost productivity. A use-after-free vulnerability exists in Zoom Workplace. The...
Google Android heap buffer overflow vulnerability (CNVD-2025-15179)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a heap buffer overflow vulnerability, which is caused due to a flaw in a system component. An attacker can exploit the vulnerability to execute arbitrary code on the system...
SAP NetWeaver AS SQL Injection Vulnerability (CNVD-2025-07612)
SAP NetWeaver AS is a SAP web application server from SAP, Germany. SAP NetWeaver AS suffers from a SQL injection vulnerability that originates from a program that does not properly check for authorization, which could be exploited by an attacker to gain control over data in an Informix database,...
Siemens SCALANCE LPE9403 Operating System Command Injection Vulnerability
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The SCALANCE LPE9403 6GK5998-3GS00-2AC2 suffers from an operating system command injection vulnerability that originates...
Tenda RX3 Buffer Overflow Vulnerability (CNVD-2025-08318)
Tenda RX3 is a dual-band WiFi home wireless router from China's Tenda. A buffer overflow vulnerability exists in Tenda RX3. The vulnerability originates from a buffer overflow in the schedStartTime and schedEndTime parameters in /goform/saveParentControlInfo, which can lead to a denial of service...
SQL Injection Vulnerability in DSS of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IoT solution provider and operation service provider. A SQL injection vulnerability exists in the DSS of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information fro...