Adobe Substance 3D Designer memory misreference vulnerability (CNVD-2025-05206)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. A memory misreference vulnerability exists in Adobe Substance 3D Designer version 1.15.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the current user environment...
Adobe Substance 3D Designer Out-of-Bounds Read Vulnerability (CNVD-2025-05205)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. A security vulnerability exists in Adobe Substance 3D Designer version 1.15.0 and prior versions, which can be exploited by attackers to cause a sensitive memory leak...
Cisco IOS XR Software CLI Local Elevation of Privilege Vulnerability
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. A local elevation of privilege vulnerability exists in the Cisco IOS XR Software CLI. The vulnerability is due to insufficient validation of user parameters passed to specific CLI...
ZTE GoldenDB Improper Privilege Management Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An improper privilege management vulnerability exists in ZTE GoldenDB...
ZTE GoldenDB Input Validation Error Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An input validation error vulnerability exists in ZTE GoldenDB, which...
Adobe Acrobat Reader buffer overflow vulnerability (CNVD-2025-05566)
Adobe Acrobat is a software suite from the American company Adobe used to create, edit, view and print PDF (Portable Document Format) files. A security vulnerability exists in Adobe Acrobat, which originates from an out-of-bounds read and can be exploited by an attacker t...
Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05208)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Designer Heap Buffer Overflow Vulnerability (CNVD-2025-05207)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05213)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Illustrator Null Pointer Dereference Vulnerability (CNVD-2025-05685)
Adobe Illustrator is vector-based image creation software from the American company Adobe. A null pointer dereference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause a denial of service...
Adobe InDesign Out-of-Bounds Write Vulnerability (CNVD-2025-05691)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...
ZTE GoldenDB Elevation of Privilege Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An elevation of privilege vulnerability exists in ZTE GoldenDB, which...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2025-16322)
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. A buffer overflow vulnerability exists in Adobe Acrobat Reader 24.001.30225, 20.005.30748, 25.001.20428 and earlier versions, which originates from an out-of-bounds...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2025-16321)
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader has a buffer error vulnerability that can be exploited by an attacker to cause arbitrary code execution...
Unspecified Vulnerability in Adobe Illustrator (CNVD-2025-05318)
Adobe Illustrator is vector-based image creation software from the American company Adobe. A security vulnerability exists in Adobe Illustrator versions 29.2.1, 28.7.4 and earlier, which originates from a stack buffer overflow that can be exploited by an attacker to cause arbitra...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2025-16323)
Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. A buffer overflow vulnerability exists in Adobe Acrobat Reader 24.001.30225, 20.005.30748, 25.001.20428 and earlier versions, which stems from uninitialized pointer...
Adobe Illustrator Untrusted Search Path Vulnerability
Adobe Illustrator is vector-based image creation software from the American company Adobe. An untrusted search path vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code...
Adobe InDesign Null Pointer Dereference Vulnerability (CNVD-2025-05248)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. A null pointer dereference vulnerability exists in Adobe InDesign ID20.1, ID19.5.2 and earlier versions, which can be exploited by an attacker to cause a denial of service in the application...
MonetDB Server SQL Injection Vulnerability (CNVD-2025-05227)
MonetDB is an open source column-oriented relational database management system. A SQL injection vulnerability exists in the expvaluessetsupertype component of MonetDB version 11.49.1, which can be exploited by an attacker to cause a denial of service via a specially crafted...
Adobe Substance 3D Designer Heap Buffer Overflow Vulnerability (CNVD-2025-05211)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. A heap buffer overflow vulnerability in Adobe Substance 3D Designer can be exploited by an attacker to execute arbitrary code in the context of the current user...
MonetDB Server SQL Injection Vulnerability
MonetDB is an open source column-oriented relational database management system. A SQL injection vulnerability exists in the expscard component of MonetDB version 11.49.1, which can be exploited by an attacker to cause a denial of service via a specially crafted SQL statement...
Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05202)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer version 10.1.2 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the curren...
Adobe Substance 3D Designer Heap Buffer Overflow Vulnerability (CNVD-2025-05210)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. Adobe Substance 3D Designer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe InDesign Out-of-Bounds Write Vulnerability (CNVD-2025-05693)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...
Adobe Substance 3D Designer Out-of-Bounds Write Vulnerability (CNVD-2025-05200)
Adobe Substance 3D Designer is 3D design software from the American company Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer 14.1 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Illustrator Out-of-Bounds Read Vulnerability (CNVD-2025-05689)
Adobe Illustrator is vector-based image creation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to obtain sensitive information...
Fortinet FortiSandbox Operating System Command Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox suffers from an operating system command injection...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2025-05247)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
MRCMS Product Cross-Site Scripting Vulnerability
MRCMS is a content management system. A cross-site scripting vulnerability exists in MRCMS, which stems from insufficient filtering of operations on parameter names/paths, allowing an attacker to inject malicious scripts. The vulnerability can be exploited to inject malicious scripts, which will ...
Tenda TX3 setstaticRoutecfg function buffer overflow vulnerability
Tenda TX3 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda TX3 16.03.13.11multi, which originates when the parameter list of goform/setstaticRoutecfg fails to correctly validate the length of the input data, and can be exploited by an attacker t...
Samsung Notes SPen String Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. An out-of-bounds read vulnerability exists in Samsung Notes, which originates from an out-of-bounds read in the SPen string read, and can be exploited by an attacker ...
NocoDB Cross-Site Scripting Vulnerability (CNVD-2025-05387)
NocoDB is an open source Airtable alternative that turns any MySQL, PostgreSQL, SQL Server, SQLite or MariaDB database into a smart spreadsheet. A cross-site scripting vulnerability exists in NocoDB versions prior to 0.258.0, which stems from the lack of effective filtering and escaping of user-supplied data...
ZZCMS Cross-Site Scripting Vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS version 2025, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter $_SERVER['PHP_SELF'], and can be exploited by an attacker to...
IBM FlashSystem Code Execution Vulnerability
IBM FlashSystem is a family of high-performance all-flash and hybrid flash storage solutions from International Business Machines (IBM). A code execution vulnerability exists in IBM FlashSystem that stems from improper restriction of the RPCAdapter service and can be exploited by remote attackers t...
IBM EntireX Information Disclosure Vulnerability (CNVD-2025-05562)
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. An information disclosure vulnerability exists in IBM EntireX version 11.1 that originates from the...
Unspecified Vulnerability in IBM EntireX
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A security vulnerability exists in IBM EntireX version 11.1, which stems from a security issue that can...
Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2025-05231)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is the extended support version of the Firefox web browser. Mozilla Thunderbird is an email client separate from the Mozilla Application Suite. A security vulnerability exists in several Mozilla products that stems...
Unspecified Vulnerability in Mozilla Firefox for iOS (CNVD-2025-05232)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for iOS that originates from an unrecognized QR code link. An attacker could exploit this vulnerability potentially causing integrity to be compromise...
Tenda TX3 openschedwifi function buffer overflow vulnerability
The Tenda TX3 is a wireless router from the Chinese company Tenda. Tenda TX3 16.03.13.11multi suffers from a buffer overflow vulnerability, which stems from the failure of the goform/openschedwifi parameters schedStartTime/schedEndTime to correctly validate the length of the input data, which ca...
TRENDnet TEW-929DRU /cbi_addcert.htm page cross-site scripting vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the configname parameter of the /cbi_addcert.htm page, which can be exploited ...
Cisco Content Security Management Appliance Access Authentication Error Vulnerability
Cisco Content Security Management Appliance (SMA) is a set of content security management equipment from Cisco. The appliance is mainly used to manage all policies, reports, audit information, etc. for e-mail and Web security devices. The Cisco Content Security Management Appliance has an...
Samsung Galaxy Wearable Access Control Error Vulnerability
Samsung Galaxy Wearable is an official app from the South Korean company Samsung that is used to manage and connect Samsung's smart wearable devices. Samsung Galaxy Wearable suffers from an Access Control Error vulnerability that stems from improper access control, and no detailed...
D-Link DAP-1562 Null Pointer Dereference Vulnerability
The D-Link DAP-1562 is a wireless bridge from China's D-Link. The D-Link DAP-1562 suffers from a null pointer dereference vulnerability, which originates from a null pointer dereference to parameter a1 in the HTTP POST Request Handler's function pureauthcheck, for which no detailed...
Samsung Notes jpeg image parsing out-of-bounds read vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. An out-of-bounds read vulnerability exists in Samsung Notes, which stems from a lack of proper validation of user-supplied data when parsing jpeg images, and can be...
TRENDnet TEW-929DRU Hardcoded Password Vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a hard-coded password vulnerability that can be exploited by an attacker to log in as root...
WordPress Master Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Master...
WordPress Hero Mega Menu plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Awesome Import & Export plugin license issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
Siemens Simcenter Femap Memory Corruption Vulnerability
Simcenter Femap is an advanced simulation application for creating, editing and checking finite element models of complex products or systems. A memory corruption vulnerability exists in Siemens Simcenter Femap, which originates when the application reads a file in .NEU format, and can be exploit...
Tenda tx3 Buffer Overflow Vulnerability
The Tenda tx3 is a wireless router from the Chinese company Tenda. The Tenda tx3 suffers from a buffer overflow vulnerability that originates from the parameter list of goform/setpptpuserlist failing to properly validate the length of the input data, which can be exploited by an attacker to...