Linux kernel null pointer dereference vulnerability (CNVD-2025-05381)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from a failure to check the nextbuffer return value, which could result in a null pointer...

Linux kernel null pointer dereference vulnerability (CNVD-2025-05378)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not checking the nfpappctrlmsgalloc return value, which could lead to a null pointer...

Linux kernel null pointer dereference vulnerability (CNVD-2025-05382)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not properly handling unconnected sockets, which could lead to a null pointer dereference. An...

Linux kernel resource management error vulnerability (CNVD-2025-05375)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in the Linux kernel that stems from a device not being properly freed when destroying a network namespace, which could lead to...

Linux kernel post-release reuse vulnerability (CNVD-2025-05314)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a reuse-after-release vulnerability that stems from an unset device release function, which could lead to reuse-after-release. An attacker could...

Linux kernel improper locking vulnerability (CNVD-2025-05316)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an improper locking vulnerability that stems from the use of spinlock in an interruptible context, which could lead to a deadlock. The vulnerability c...

SQL Injection Vulnerability in UFIDA BIP of UFIDA Network Technology Co.

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

Linux kernel out-of-bounds write vulnerability (CNVD-2025-05383)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds write vulnerability that stems from multiple calls to dellink when deleting network namespaces, resulting in a corrupted list. Th...

Linux kernel competitive conditions vulnerability (CNVD-2025-05380)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Condition Problem vulnerability that stems from a competitive condition problem during session lookup and expiration. An attacker can...

Linux kernel use-after-release vulnerability (CNVD-2025-05377)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a use-after-release vulnerability that originates from adding pages to be released to the LRU when migrating a device, which could lead to memory...

Tenda RX3 Buffer Overflow Vulnerability (CNVD-2025-09163)

The Tenda RX3 is a home wireless router from Tenda, a Chinese company. The Tenda RX3 suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

Tenda RX3 Buffer Overflow Vulnerability (CNVD-2025-09162)

The Tenda RX3 is a home wireless router from Tenda, a Chinese company. The Tenda RX3 suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...

Tenda RX3 Buffer Overflow Vulnerability (CNVD-2025-09161)

The Tenda RX3 is a home wireless router from Tenda, a Chinese company. The Tenda RX3 suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause the web server to crash, resulting in a denial of service...

NVIDIA Riva Access Control Error Vulnerability

NVIDIA Riva is a fully accelerated conversational AI application framework released by NVIDIA for building multimodal conversational AI services that use end-to-end. NVIDIA Riva suffers from an Access Control Error vulnerability that can be exploited by an attacker to tamper with data and cause a...

NVIDIA Riva riva_quickstart Access Control Error Vulnerability

NVIDIA Riva is a fully accelerated conversational AI application framework released by NVIDIA for building multimodal conversational AI services using end-to-end. An access control error vulnerability exists in NVIDIA Riva rivaquickstart, which can be exploited by an attacker to submit a special...

Zoom Workplace Apps Heap Buffer Overflow Vulnerability

Zoom Workplace Apps is an enterprise-grade collaboration platform that combines video conferencing, team collaboration, AI assistance, and other features for hybrid office scenarios. Zoom Workplace Apps suffers from a heap buffer overflow vulnerability that stems from the program not properly...

Ivanti Secure Access Client Elevation of Privilege Vulnerability

Ivanti Secure Access Client is a security software client from Ivanti. An elevation of privilege vulnerability exists in Ivanti Secure Access Client that stems from insufficient privilege limitations and can be exploited by an attacker to elevate privileges...

Zoom Workplace Apps Buffer Overflow Vulnerability

Zoom Workplace Apps is an enterprise-grade collaboration platform that combines video conferencing, team collaboration, AI assistance, and other features for hybrid office scenarios. Zoom Workplace Apps suffers from a buffer overflow vulnerability that stems from certain applications not properly...

Tenda RX3 /goform/setPptpUserList Buffer Overflow Vulnerability

The Tenda RX3 is a dual-band WiFi 6 home wireless router from China's Tenda. The Tenda RX3 /goform/setPptpUserList handles a buffer overflow vulnerability in the list parameter, which can be exploited by an attacker to submit a special request that can crash the service program and cause a denial...

GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-08319)

GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from a failure to properly account for the length of an environment variable when copying user-controlled environment variable data to an internal buffer, resulting in an...

Sante PACS Server EVP_DecryptUpdate Buffer Overflow Vulnerability

Sante PACS Server is a medical image management software developed for doctors to view CT in their daily consultations and improve the diagnosis rate. A buffer overflow vulnerability exists in the Sante PACS Server WEB service's EVPDecryptUpdate function that handles usernames and passwords, whic...

Logic Flaw Vulnerability in ZKTime Attendance Management System at Entropy Base Technology Co.

Ltd. is a global provider of products and solutions based on "People, Vehicles and Things" access time and security management system. A logic flaw exists in the ZKTime Time and Attendance Management System of Entropy Base Technology, which can be exploited by attackers to obtain sensitive...

SQL Injection Vulnerability in Xunrui CMS of Sichuan Xunrui Cloud Software Development Co.

Swift CMS is a content management framework based on CodeIgniter4, which is mainly used for website construction and content management. Sichuan Xunrui Cloud Software Development Co., Ltd. Xunrui CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive...

Weak Password Vulnerability in Neusoft NetEye Firewall Software at Neusoft Group Corp.

Neusoft NetEye Firewall Software is a next-generation firewall product that integrates several cutting-edge security technologies. Neusoft NetEye Firewall Software has a weak password vulnerability that can be exploited by attackers to obtain sensitive information...

Logic flaw vulnerability in ECShop of Shanghai ShangPai Network Technology Co.

ECShop is a B2C independent online store system, suitable for businesses and individuals to quickly build a personalized online store. Ltd. ECShop has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...

Adobe InDesign null pointer dereference vulnerability (CNVD-2025-05249)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A null pointer dereference vulnerability exists in Adobe InDesign version ID20.1, ID19.5.2 and earlier versions, which can be exploited by an attacker to cause a denial of service in the applicatio...

WordPress Google News Editors Picks Feed Generator plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

SAP NetWeaver Application Server Information Disclosure Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server ABAP, which can be exploited by an attacker with administrative or user directory privileges to disclose data and compromise program...

WordPress Responsive Google Map plugin suffers from an unspecified vulnerability (CNVD-2025-05453)

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05212)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05209)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Substance 3D Designer Heap Buffer Overflow Vulnerability (CNVD-2025-05204)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Designer 1.15.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Substance 3D Designer Null Pointer Dereference Vulnerability

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Designer 1.15.0 and prior versions, which can be exploited by an attacker to cause the application to crash, resulting in a denial of service conditio...

Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05201)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer versions and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe Substance 3D Designer Heap Buffer Overflow Vulnerability (CNVD-2025-05199)

Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Designer 14.1 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2025-05250)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe InDesign ID20.1, ID19.5.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution...

Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2025-05246)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

MonetDB Server SQL Injection Vulnerability

MonetDB is MonetDB open source an open source column-oriented relational database management system . A SQL injection vulnerability exists in the expref component of MonetDB version 11.49.1, which can be exploited by an attacker to cause a denial of service via a specially crafted SQL statement...

SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server ABAP is an application server from SAP for running ABAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP that originates from allowing malicious scripts to be executed within the application. An attacker can exploi...

Adobe InDesign Out-of-Bounds Write Vulnerability (CNVD-2025-05692)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Adobe InDesign Out-of-Bounds Write Vulnerability (CNVD-2025-05690)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

ZTE GoldenDB elevation of privilege vulnerability (CNVD-2025-10903)

ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An elevation of privilege vulnerability exists in ZTE GoldenDB, which...

ZTE GoldenDB Unauthorized Access Vulnerability (CNVD-2025-10902)

ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An unauthorized access vulnerability exists in ZTE GoldenDB, which stems...

ZTE GoldenDB Unauthorized Access Vulnerability

ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An unauthorized access vulnerability exists in ZTE GoldenDB, which stems...

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2025-12338)

Adobe Acrobat is the United States of America Odo than Adobe company's set of software suite used to create, edit, view and print PDF Portable Document Format files. A security vulnerability exists in Adobe Acrobat, which stems from an out-of-bounds read issue that can be exploited by an attacker...

WordPress amoCRM WebForm plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-05688)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Adobe Illustrator Out-of-Bounds Read Vulnerability (CNVD-2025-05687)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to obtain sensitive information...

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2025-16324)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A buffer overflow vulnerability exists in Adobe Acrobat Reader 24.001.30225, 20.005.30748, 25.001.20428 and prior versions, which stems from uninitialized pointer...

Fortinet FortiADC Cross-Site Scripting Vulnerability (CNVD-2025-27463)

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...