130931 matches found
Google Pixel Buffer Overflow Vulnerability (CNVD-2025-03266)
Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking in multiple functions of glproc.c, which can be exploited by an attacker to cause privilege escalation...
Microsoft Dynamics 365 Sales Elevation of Privilege Vulnerability
Microsoft Dynamics 365 Sales is a powerful tool designed to streamline and enhance the sales process, providing sales teams with the insights and data to build strong customer relationships and close deals effectively. An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Sales...
Microsoft Office Code Execution Vulnerability (CNVD-2025-04198)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Microsoft Office Code Execution Vulnerability (CNVD-2025-10664)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Chat System addnewmember.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System has a SQL injection vulnerability that stems from a lack of sufficient input validation and cleanup of the parameter user in the file /user/addnewmember.php. An attacker could exploit this vulnerability to cause database information to be disclosed or...
Zoom Workplace App for Linux Denial of Service Vulnerability
Zoom Workplace App for Linux is a Linux application for enterprise communication and collaboration. A denial of service vulnerability exists in Zoom Workplace App for Linux, which stems from the application failing to properly handle specific network requests. An attacker could exploit the...
Zoom Workplace Apps Out-of-Bounds Write Vulnerability
Zoom Workplace Apps is an app for multiple platforms including Linux, macOS, Windows, iOS and Android. Zoom Workplace Apps suffers from an out-of-bounds write vulnerability that stems from the application failing to properly validate boundaries when processing a specific request. An attacker coul...
Zoom Workplace App for macOS Denial of Service Vulnerability
Zoom Workplace App for macOS is a video conferencing software designed for macOS, aiming to provide a stable and efficient remote collaboration experience. A denial of service vulnerability exists in Zoom Workplace App for macOS, which stems from improper link parsing when the installer handles...
Zoom Workplace Apps for Windows Elevation of Privilege Vulnerability
Zoom Workplace Apps for Windows is a professional video conferencing client, built for enterprise meetings, that is mobile and cloud-based. Zoom Workplace Apps for Windows suffers from an elevation of privilege vulnerability that stems from an untrusted search path in the installer. No details of...
Zoom Workplace App for Linux Elevation of Privilege Vulnerability
Zoom Workplace App for Linux is an application for enterprise communication and collaboration, offering features such as video conferencing, online meetings, chat and mobile collaboration. An elevation of privilege vulnerability exists in Zoom Workplace App for Linux, which stems from the...
Dell PowerProtect DD Stack Buffer Overflow Vulnerability
PowerProtect DD is a data protection and backup solution from Dell designed to provide efficient storage and data recovery. A stack buffer overflow vulnerability exists in Dell PowerProtect DD versions 7.13.1.10 and earlier and 7.10.1.40 and earlier, which stems from a failure to properly handle ...
Siemens SIPROTEC 5 Sensitive Information Plaintext Storage Vulnerability
SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A sensitive information plaintext storage vulnerability exists in Siemens SIPROTEC 5. The vulnerability arises because affected SIPROTEC 5 devices do...
Siemens Web Server User Enumeration Vulnerability in Various SIMATIC Products
SIMATIC Drive Controllers are designed for the automation of production machines, combining the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. The SIMATIC S7-1200 CPU products are...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-23065)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
Microsoft Azure Monitor Agent Elevation of Privilege Vulnerability (CNVD-2025-03436)
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. An elevation of privilege vulnerability exists in Microsoft Azure Monitor Agent, which stems from the presence of an elevation of privilege vulnerability. An attacker can exploit the...
Siemens SIMATIC S7-1200 CPU Family Denial of Service Vulnerability (CNVD-2025-03036)
SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. A denial of service vulnerability exists in Siemens SIMATIC S7-1200 CPU Family versions prior to V4.7, which can be...
Siemens SIMATIC S7-1200 CPU Family Denial of Service Vulnerability
SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and chemical industries. A denial of service vulnerability exists in Siemens SIMATIC S7-1200 CPU Family versions prior to V4.7, which can be...
Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-06657)
Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...
D-Link DHP-W310AV Authentication Bypass Vulnerability
The D-Link DHP-W310AV is a popular router device. The D-Link DHP-W310AV has an authentication bypass vulnerability that can be exploited by an attacker to bypass security restrictions and gain access to the system...
Google Chrome V8 Code Execution Vulnerability (CNVD-2025-05222)
Google Chrome is a WEB browser developed by Google Inc. A security vulnerability exists in Google Chrome V8, which can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the application context to execute arbitrary code...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06208)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
Google Chrome Out-of-Bounds Access Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an out-of-bounds access vulnerability that can be exploited by attackers to cause heap corruption via specially crafted HTML pages...
IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2025-06206)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-18674)
Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...
Cisco Identity Services Engine Authorization Bypass Vulnerability (CNVD-2025-03530)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has an authorization bypass vulnerability that can be exploited by a remote attacker to submit a special request that can obtain sensitive information, modify...
IBM ApplinX Cross-Site Request Forgery Vulnerability
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, an...
Google Chrome DevTools Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome DevTools, which can be exploited by an attacker to execute arbitrary code...
Dell Networking Switches running Enterprise SONiC OS Log Information Disclosure Vulnerability
Dell Networking Switches running Enterprise SONiC OS is an open-source based network operating system from Dell, designed for data center and cloud computing scenarios, supporting a unified network architecture from edge to core to cloud. A log information disclosure vulnerability exists in Dell...
Apple macOS Sequoia Information Disclosure Vulnerability (CNVD-2025-19513)
Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia suffers from an information disclosure vulnerability that is caused due to an information disclosure issue in the FaceTime component when using a specially crafted application. An attacker can...
Apple macOS Sequoia CoreMedia File Parsing Denial of Service Vulnerability
Apple macOS Sequoia is an operating system from the American company Apple Apple. A denial of service vulnerability exists in Apple macOS Sequoia CoreMedia file parsing, which can be exploited by attackers to cause a denial of service...
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2025-03275)
Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a memory corruption vulnerability that can be exploited by a remote attacker to submit a special Web request, which induces the user to parse it, and can be used in the context of the application to execute arbitrary code...
Unspecified vulnerability in CMSimple (CNVD-2026-02647)
CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to submit a special request to obtain sensitive source code, leading to the disclosure of sensitive information...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2025-19515)
Apple macOS Sequoia is an operating system from Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer from Apple Inc. A denial of service vulnerability exists in several Apple products, which can be exploited by...
Apple macOS Sequoia and Apple macOS Sonoma Denial of Service Vulnerabilities
Apple macOS Sequoia and Apple macOS Sonoma are both operating systems from the American company Apple. Apple macOS Sequoia and Apple macOS Sonoma contain a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06207)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
Cisco Identity Services Engine Code Issue Vulnerability (CNVD-2025-03531)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. The Cisco Identity Services Engine API has a code issue vulnerability that can be exploited by a remote attacker to submit a special request that can execute arbitrary commands with elevated...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2025-03533)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine WEB interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2025-03532)
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine WEB interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...
DELL PowerProtect DD Path Traversal Vulnerability
DELL PowerProtect DD is a family of data protection storage appliances from Dell, built on the Data Domain platform and designed for enterprise-level users. The DELL PowerProtect DD suffers from a path traversal vulnerability that can be exploited by an attacker to illegally overwrite operating...
Dell PowerProtect DD Elevation of Privilege Vulnerability
Dell PowerProtect DD is Dell's data protection solution for backing up and restoring data. A security vulnerability exists in Dell PowerProtect DD. An attacker could exploit the vulnerability to cause elevation of privilege...
Denial of Service Vulnerability in Various festo Products
MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD,MSE6-E2M-5000-FB13-AGD,MSE6-E2M-5000-FB37-AGD and so on are industrial control components. A denial of service vulnerability exists in several festo products, which can be exploited by attackers to gain control of a server...
IBM App Connect Enterprise Certified Container Denial of Service Vulnerability (CNVD-2025-02814)
IBM App Connect Enterprise Certified Container is an image of the IBM App Connect Enterprise software product based on the International Business Machines IBM, Inc. The package is provided as an executable file that can be deployed and run in a containerized environment. A security vulnerability...
Open5GS ogs_kdf_hash_mme function denial of service vulnerability
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial-of-service vulnerability exists in Open5GS 2.6.4 and earlier versions, which stems from a reachable assertion in the ogskdfhashmme function, and can be exploited ...
Open5GS Denial of Service Vulnerability (CNVD-2025-03154)
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a security vulnerability that can be exploited to cause a denial of service by an attacker who sends an "Initial UE Message" that lacks the required...
Open5GS nas_eps_send_emm_to_esm function denial of service vulnerability
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.6.4 and earlier, which originates from a reachable assertion in the nasepssendemmtoesm function, and can be...
Open5GS mme_ue_find_by_imsi function denial of service vulnerability
Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial-of-service vulnerability exists in Open5GS 2.6.4 and earlier versions, which stems from a reachable assertion in the mmeuefindbyimsi function, and can be exploite...
Open5GS Denial of Service Vulnerability (CNVD-2025-03199)
Open5GS is Open5GS open source an open source implementation of 5G Core and Epc in C, the core network of the Lte/Nr network. A security vulnerability exists in Open5GS, which can be exploited by an attacker to send a "UE Functional Information Indication" message missing the required mmeues1apid...
Logic flaw vulnerability in H5S video platform of ZeroVision Technology (Shanghai) Co.
ZeroVision Technology Shanghai Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. ZeroVision Technologies Shanghai Ltd. H5S video platform has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information and create...
Hospital Management System index.php File Cross-Site Scripting Vulnerability
Hospital Management System a PHP and MySQL based hospital management system. Hospital Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Email parameter of /doctor/index.php, which can be...
Hospital Management System /edit-profile.php File Cross-Site Scripting Vulnerability
Hospital Management System a PHP and MySQL based hospital management system. Hospital Management System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in /edit-profile.php, which can be exploited by an...