Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2025-03518)
Fortinet FortiOS is a security operating system from the American company Fortinet, dedicated to the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. Fortinet FortiOS suffers from a...
Fortinet FortiClient Access Control Error Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An access control error vulnerability exists in Fortinet...
IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2025-04974)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...
Google Android Intent.java file input validation error vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an input validation error vulnerability that stems from incorrect input validation in the parseUriInternal function of Intent.java, which can be exploited by an attacker to cause an infinite loop...
Google Android elevation of privilege vulnerability (CNVD-2025-05219)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2025-05220)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2025-14978)
Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an elevation of privilege vulnerability, which stems from a race condition in RGXMMUCacheInvalidate in rgxmem.c, that can be exploited by an attack...
Adobe Commerce Security Bypass Vulnerability (CNVD-2025-03622)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to bypass access restrictions...
IBM Aspera Faspex Information Disclosure Vulnerability (CNVD-2025-06209)
IBM Aspera Faspex is a solution from International Business Machines (IBM) for rapid global person-to-person document delivery and collaboration. An information disclosure vulnerability exists in IBM Aspera Faspex that stems from an observable response discrepancy that could be exploited by an attacker...
ABB FLXeon Log Message Disclosure Vulnerability
The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon version 9.3.4 and prior versions suffer from a log information disclosure vulnerability that stems from the application's inadequate protection of sensitive information and can be exploited by an attacker to obtain sensiti...
ABB FLXeon Security Bypass Vulnerability
The ABB FLXeon is a series of controllers from ABB Switzerland. ABB FLXeon suffers from a security bypass vulnerability that stems from insufficient session management to prevent unauthorized HTTPS requests. No vulnerability details are provided at this time...
Tenda W18E DelfaceBookPIC Function Buffer Overflow Vulnerability
The Tenda W18E is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda W18E version 16.01.0.81625, which stems from a failure of the DelfaceBookPIC function to correctly validate the length of input data, and can be exploited by an attacker to execute...
Unspecified Vulnerability in Google Chrome (CNVD-2025-03649)
Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability that can be exploited by attackers to carry out phishing attacks that deceive users...
Google Android elevation of privilege vulnerability (CNVD-2025-10931)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is due to a logic error in the code. An attacker can exploit the vulnerability to elevate privileges...
Ivanti CSA Path Traversal Vulnerability
Ivanti CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. The Ivanti CSA suffers from a path traversal vulnerability that arises when the program fails to properly filter special elements in the path of a resource o...
GNU Binutils Memory Corruption Vulnerability (CNVD-2025-09685)
GNU Binutils is a set of programming language utility programs developed by the American GNU community. A memory corruption vulnerability exists in GNU Binutils, which originates from the function bfd_elf_reloc_symbol_deleted_p in bfd/elflink.c. No details of the vulnerability are provided at this tim...
GNU Binutils format.c File Buffer Overflow Vulnerability
GNU Binutils (GNU Binary Utilities) is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with object files in a variety of formats, and provide linkers, assemblers, and other tools for object files and archives. A...
GNU Binutils Buffer Overflow Vulnerability
GNU Binutils is a set of programming language utility programs developed by the American GNU community. A buffer overflow vulnerability exists in GNU Binutils. No details of the vulnerability are available at this time...
GNU Binutils Memory Corruption Vulnerability (CNVD-2025-09687)
GNU Binutils is a set of programming language utility programs developed by the American GNU community. A memory corruption vulnerability exists in GNU Binutils. No details of the vulnerability are available at this time...
GNU Binutils Memory Corruption Vulnerability (CNVD-2025-09688)
GNU Binutils (GNU Binary Utilities) is a set of programming language utilities developed by the American GNU community. A memory corruption vulnerability exists in GNU Binutils. The vulnerability originates from the function _bfd_elf_gc_mark_rsec in bfd/elflink.c. No details of the vulnerability are...
FreeBSD Information Disclosure Vulnerability (CNVD-2025-09230)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an information disclosure vulnerability that is caused by improper privilege assignment. An attacker could exploit this vulnerability to access system files...
FreeBSD Buffer Overflow Vulnerability (CNVD-2025-09231)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from a buffer overflow vulnerability that stems from the implementation of VOP_VPTOFH in the cd9660, tarfs, and ext2fs filesystems that causes the target FID buffer to overflow by 4 bytes, which can be...
GNU Binutils xmemdup.c file memory leak vulnerability
GNU Binutils (GNU Binary Utilities) is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with object files in a variety of formats, and provide linkers, assemblers, and other tools for object files and archives. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-04681)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Intel QAT software untrusted pointer dereference vulnerability
Intel QAT software refers to the collection of software components that support Intel QuickAssist technology. An untrusted pointer dereference vulnerability exists in Intel QAT software, which can be exploited by an attacker to access compromised information via the local system...
GNU Binutils ldelfgen.c file memory leak vulnerability
GNU Binutils (GNU Binary Utilities) is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with object files in a variety of formats, and provide linkers, assemblers, and other tools for object files and archives. A...
GNU Binutils nm.c File Buffer Overflow Vulnerability
GNU Binutils (GNU Binary Utilities) is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with object files in a variety of formats, and provide linkers, assemblers, and other tools for object files and archives. A...
Dell NetWorker Code Execution Vulnerability
Dell NetWorker is an enterprise-class data protection solution offered by Dell as part of the Dell Data Protection Suite that supports the protection of critical workloads across heterogeneous environments. A code execution vulnerability exists in Dell NetWorker. An attacker could exploit the...
Apple macOS elevation of privilege vulnerability (CNVD-2025-05223)
Apple macOS is a specialized operating system developed by Apple for Mac computers. An elevation of privilege vulnerability exists in Apple macOS, which can be exploited by an attacker to gain elevated privileges...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-05708)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...
Ivanti CSA OS Command Injection Vulnerability
Ivanti CSA is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. The Ivanti CSA suffers from an OS command injection vulnerability that stems from the application failing to properly filter constructed command special...
Tenda AC6 Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from the formexeCommand function failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary code on...
Dell BSAFE Trust Management Issue Vulnerability
Dell BSAFE is a security software product from Dell, Inc. that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security (TLS) cipher suites, among other things, to help users achieve a variety of security goals for their applications. A trust management issu...
Samsung Blockchain Keystore Out-of-Bounds Read Vulnerability
Samsung Blockchain Keystore is a secure storage solution introduced by South Korea's Samsung on its mobile devices to protect users' blockchain keys and digital assets. Samsung Blockchain Keystore suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to rea...
Adobe Illustrator Integer Latent Vulnerability
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. Adobe Illustrator suffers from an integer latency vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
D-Link DIR-853 SetSysEmailSettings Module Buffer Overflow Vulnerability
The D-Link DIR-853 is a router from China's D-Link. The D-Link DIR-853 suffers from a buffer overflow vulnerability that stems from the AccountPassword parameter in the SetSysEmailSettings module not properly handling user input. No details of the vulnerability are provided at this time...
GNU Emacs OS Command Injection Vulnerability
GNU Emacs is a family of text editors from the American GNU community. GNU Emacs suffers from an operating system command injection vulnerability that stems from mishandling of the custom "man" URI scheme, which can be exploited to execute arbitrary shell commands...
Google Android shouldSkipForInitialSUW function authorization issue vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authorization issue vulnerability that stems from a lack of permission checking in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java, which can be exploited by an attacker ...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-04201)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...
JetBrains TeamCity Kubernetes Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
Adobe InDesign Null Pointer Dereference Vulnerability (CNVD-2025-03638)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service in the application...
Adobe Commerce Security Bypass Vulnerability (CNVD-2025-03623)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to bypass intended security mechanisms by...
Adobe Commerce Security Bypass Vulnerability (CNVD-2025-03634)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A security bypass vulnerability exists in Adobe Commerce, which can be exploited by an attacker to cause a security feature bypass...
Google Android Improper Input Validation Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an improper input validation vulnerability that originates from improper input validation in Source of ZipFile.java. No details of the vulnerability are provided at this time...
Google Android elevation of privilege vulnerability (CNVD-2025-14977)
Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an elevation of privilege vulnerability that stems from a confused deputy issue in the checkKeyIntent function of...
Adobe Illustrator Memory Misreference Vulnerability (CNVD-2025-04203)
Adobe Illustrator is a set of vector-based image creation software from the American company Adobe. A memory misreference vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-05695)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...
Tenda W18E Authorization Issue Vulnerability (CNVD-2025-05370)
The Tenda W18E is a wireless router from the Chinese company Tenda. An authorization issue vulnerability exists in the Tenda W18E version 16.01.0.81625, which stems from improper authentication of the device and can be exploited by an attacker to gain administrative access by sending a specially...
Adobe InDesign Code Execution Vulnerability (CNVD-2025-03642)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. A code execution vulnerability exists in Adobe InDesign that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Commerce Path Traversal Vulnerability (CNVD-2025-05713)
Adobe Commerce is a world-leading digital commerce solution for merchants and brands from the American company Adobe. A path traversal vulnerability exists in Adobe Commerce that can be exploited by an attacker to potentially cause a security feature bypass...