GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-08322)
GRUB2 is a multiboot boot loader from the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that occurs when reading a BFS file system. An attacker could exploit this vulnerability to cause a denial of service...
GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-08323)
GRUB2 is a multiboot boot loader from the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from an integer overflow flaw in GRUB2's BFS file system driver. No details of the vulnerability are provided at this time...
GNU GRUB2 Out-of-Bounds Write Vulnerability (CNVD-2025-08320)
GRUB2 is a multiboot boot loader from the GNU Project. GNU GRUB2 suffers from an out-of-bounds write vulnerability that stems from a flaw in the HFS file system. No details of the vulnerability are provided at this time...
GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-08321)
GRUB2 is a multiboot boot loader from the GNU Project. A buffer overflow vulnerability exists in GNU GRUB2: when reading a tar file, GRUB2 allocates an internal buffer for the filename and does not properly validate the allocation for a possible integer overflow. An...
Google Chrome Buffer Overflow Vulnerability (CNVD-2025-05393)
Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in Google Chrome: a remote attacker can submit a specially crafted web request and induce the user to parse it, which can be used to execute arbitrary code in the application context...
Google Chrome Buffer Overflow Vulnerability (CNVD-2025-05392)
Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in Google Chrome: a remote attacker can submit a specially crafted web request and trick the user into parsing it, which can crash the application or execute arbitrary code in the...
Google Chrome Browser UI Incorrect Implementation Vulnerability
Google Chrome is a web browser developed by Google Inc. An incorrect implementation vulnerability exists in the Google Chrome Browser UI. An attacker can exploit this vulnerability by submitting a specially crafted web request to perform UI spoofing...
Google Chrome Path Traversal Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a path traversal vulnerability that is caused by an error in DevTools. An attacker can exploit the vulnerability to bypass file access restrictions...
Google Chrome Out-of-Bounds Read Vulnerability (CNVD-2025-12384)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to potentially perform out-of-bounds memory access via specially crafted PDF files...
TOTOLINK EX1800T setRebootScheCfg OS Command Injection Vulnerability
TOTOLINK EX1800T is a wireless repeater from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from an OS command injection vulnerability that originates in setRebootScheCfg in /cgi-bin/cstecgi.cgi. No details of the vulnerability are provided at this time...
TOTOLINK EX1800T setDmzCfg OS Command Injection Vulnerability
TOTOLINK EX1800T is a wireless repeater from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from an OS command injection vulnerability that originates in setDmzCfg in /cgi-bin/cstecgi.cgi. No details of the vulnerability are provided at this time...
QNAP QTS and QNAP QuTS hero command injection vulnerability (CNVD-2025-17595)
QNAP QTS is a Linux-based NAS operating system launched by QNAP, providing an intuitive and easy-to-use graphical interface and powerful data management features. QNAP QuTS hero is an operating system launched by QNAP specifically for enterprise-level applications, adopting the ZFS file system,...
Google Chrome Media Stream Incorrect Implementation Vulnerability
Google Chrome is a web browser developed by Google Inc. An incorrect implementation vulnerability exists in Google Chrome Media Stream, which can be exploited by attackers to obtain sensitive information...
QNAP QTS and QNAP QuTS hero out-of-bounds write vulnerability
QNAP QTS is a Linux-based NAS operating system launched by QNAP, providing an intuitive and easy-to-use graphical interface and powerful data management features. QNAP QuTS hero is an operating system launched by QNAP specifically for enterprise-level applications, adopting the ZFS file system,...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
Google Chrome Profiles Memory Misreference Code Execution Vulnerability
Google Chrome is a web browser developed by Google Inc. A memory misreference code execution vulnerability exists in Google Chrome Profiles: an attacker can submit a specially crafted web request and trick the user into parsing it, which can crash the application or execute arbitra...
Google Chrome Security Bypass Vulnerability (CNVD-2025-12383)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a security bypass vulnerability caused by an improper implementation in Select. An attacker can exploit the vulnerability to bypass security restrictions...
QNAP QTS and QNAP QuTS hero double free vulnerability
QNAP QTS is a Linux-based NAS operating system launched by QNAP, providing an intuitive and easy-to-use graphical interface and powerful data management features. QNAP QuTS hero is an operating system launched by QNAP specifically for enterprise-level applications, adopting the ZFS file system,...
Samsung Notes parses bmp out-of-bounds write vulnerability
Samsung Notes is a simple, easy-to-use note-taking app for mobile phones that can be installed on all Samsung models. Samsung Notes suffers from an out-of-bounds write vulnerability that originates in BMP image parsing. No details of the vulnerability are available at this time...
Tenda AC15 Buffer Overflow Vulnerability (CNVD-2025-09165)
The Tenda AC15 is a wireless router from the Chinese company Tenda. The Tenda AC15 suffers from a buffer overflow vulnerability that stems from improper handling of the parameter src. No details of the vulnerability are provided at this time...
TOTOLINK EX1800T setWiFiExtenderConfig OS Command Injection Vulnerability
TOTOLINK EX1800T is a wireless repeater from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from an OS command injection vulnerability, which stems from improper handling of the apcliKey and key parameters of the setWiFiExtenderConfig function, and no detailed vulnerability details...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
Cisco TelePresence Management Suite is a video server management program developed by Cisco. Cisco TelePresence Management Suite suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script or HTML code, which can be used to obtain sensitive...
Ubiquiti UniFi Protect Cameras Use-After-Free Vulnerability
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a use-after-free vulnerability that can be...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05056)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
TOTOLINK X18 Command Injection Vulnerability
TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. The TOTOLINK X18 suffers from a command injection vulnerability that stems from the mtkhnatEnable parameter of the setMtknatCfg function in the /cgi-bin/cstecgi.cgi file, which does not filter command parameters. No details of...
IBM Cloud Pak for Data Cross-Site Scripting Vulnerability
IBM Cloud Pak for Data is a cloud-native solution from IBM (International Business Machines) that allows customers to use data and analyze it quickly and efficiently. A cross-site scripting vulnerability exists in IBM Cloud Pak for Data versions 4.0.0 through 4.8.5 and 5.0.0, which stems from...
Tenda TX3 Router Buffer Overflow Vulnerability
Tenda TX3 is a wireless router from Tenda that provides internet connectivity. A buffer overflow vulnerability exists in Tenda TX3 router version 16.03.13.11multi, which originates from improper handling of the deviceList parameter in the /goform/setMacFilterCfg file. No detailed vulnerability...
IBM Cognos Controller Weak Password Vulnerability
IBM Cognos Controller is corporate performance management (CPM) software for financial consolidation, reporting and analysis. A weak password vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.1.0, which stems from the fact that the system does not require users to set stron...
Tenda AC7 Stack Overflow Vulnerability (CNVD-2025-05237)
The Tenda AC7 is a wireless router manufactured by Tenda. A stack overflow vulnerability exists in the formSetFirewallCfg function of the /goform/SetFirewallCfg file in Tenda AC7 15.03.06.44 and earlier versions when handling the firewallEn parameter, which stems from the program failing to check...
Apache StreamPipes elevation of privilege vulnerability (CNVD-2025-05698)
Apache StreamPipes is an open source self-service industrial IoT toolkit that enables users to connect, analyze and explore IIoT data streams. A security vulnerability exists in Apache StreamPipes version 0.95.1 and earlier, which stems from a lack of filtering and sloppy validation of resource...
NETGEAR DGN2200 Privilege Issue Vulnerability
The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...
TOTOLINK EX1800T Buffer Overflow Vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a buffer overflow vulnerability that stems from the loginAuth function failing to properly validate the length and size of input data, which can be exploited by an attacker to...
D-Link DAP-1562 Stack Buffer Overflow Vulnerability
The D-Link DAP-1562 is a wireless bridge from China's AUO D-Link. A security vulnerability exists in the D-Link DAP-1562 version 1.10, which stems from a stack buffer overflow in the HTTP Header Handler, which could lead to a remote attack. An attacker can exploit the vulnerability to execute...
Esri ArcGIS Server File Inclusion Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A file inclusion vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by a remote, unauthenticated attacker to read internal files due to a failure...
Esri ArcGIS Server Path Traversal Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A path traversal vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from the program failing to properly filter for special elements in the path of a resour...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05080)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3 that stems from the application's lack of effective filtering and escaping of user-supplied dat...
Esri ArcGIS Server Access Control Error Vulnerability
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. An Access Control Error vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which stems from improper access control and can be exploited by a remote, low-privilege...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05078)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05076)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05075)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05074)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05072)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create specially crafted links that, when clicked, may execute...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05063)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05062)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05061)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05060)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05059)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05058)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Esri ArcGIS Server SQL Injection Vulnerability (CNVD-2025-05054)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. Esri ArcGIS Server suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this...
SQL Injection Vulnerability in UFIDA U8CRM at UFIDA Network Technology Co.
UFIDA U8CRM is a professional business management software. A SQL injection vulnerability exists in UFIDA U8CRM, which can be exploited by attackers to obtain sensitive information from the database...