coolLabs Coolify Command Injection Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. A command injection vulnerability exists in coolLabs Coolify that stems from a failure to properly filter special characters and commands in constructed commands when changing the name of a project when creating or...
coolLabs Coolify Denial of Service Vulnerability
Coolify is an open source and self-hosted alternative to Heroku/Netlify/Vercel. coolLabs Coolify suffers from a denial of service vulnerability that stems from the fact that any authenticated user can revoke any team invitation on an instance by simply providing a predictable incremental ID, whic...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-02824)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
Centreon SQL Injection Vulnerability (CNVD-2025-03203)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. An SQL injection vulnerability exists in Centreon centreon-web, which stems from the application's lack...
Unspecified Vulnerability in LunaSVG (CNVD-2025-04485)
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from a segmentation violation found via the component compositionsourceover. No further vulnerability details are available at this time...
Unspecified Vulnerability in LunaSVG (CNVD-2025-04484)
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from a segmentation violation found via the component grayrecordcell. No further vulnerability details are available at this time...
Unspecified Vulnerability in LunaSVG (CNVD-2025-04486)
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from a segmentation violation found via the component plutovgpathaddpath. No further vulnerability details are available at this time...
IBM Planning Analytics File Upload Vulnerability
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting and analysis. A file upload vulnerability exists in IBM Planning Analytics that stems fr...
IBM Common Licensing Information Disclosure Vulnerability
IBM Common Licensing is a license management solution from International Business Machines (IBM). IBM Common Licensing suffers from an information disclosure vulnerability that stems from storing user credentials in plaintext, which can be exploited by an attacker to cause them to be readable...
IBM Cognos Mobile Client Trust Management Issue Vulnerability
IBM Cognos Mobile Client is a mobile application for the IBM Cognos BI platform from International Business Machines (IBM). IBM Cognos Mobile Client suffers from a trust management issue vulnerability that stems from a lack of certificate pinning, which can be exploited by an attacker to cause...
IBM Maximo Application Suite SQL Injection Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). An SQL injection vulnerability exists in IBM Maximo Application Suite. The vulnerability stems from the...
IBM Maximo Application Suite Input Validation Error Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). IBM Maximo Application Suite has an input validation error vulnerability that stems from not neutralizin...
IBM Maximo Application Suite Cross-Site Scripting Vulnerability (CNVD-2025-02820)
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 9.0.0. The...
IBM Analytics Content Hub Buffer Overflow Vulnerability
The IBM Analytics Content Hub is a clean streaming experience from International Business Machines (IBM) that visualizes relevant analytics content by extracting content from IBM and other analytics providers. IBM Analytics Content Hub suffers from a buffer overflow vulnerability that stems from...
IBM Cloud Pak System Information Disclosure Vulnerability (CNVD-2025-02817)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
IBM Cloud Pak System Path Traversal Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. A path traversal vulnerability exists in IBM Cloud...
Unspecified Vulnerability in SunGrow WiNet-S
SunGrow WiNet-S is a LAN communication module from SunGrow, China. A security vulnerability exists in SunGrow WiNet-S version V200.001.00.P027 and prior versions, which can be exploited by an attacker to decrypt all firmware updates...
Unspecified Vulnerability in LunaSVG (CNVD-2025-04483)
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from the component blendtransformedtiledargb.isra.0 containing a segmentation violation. No further vulnerability details are available at this time...
Unspecified Vulnerability in LunaSVG (CNVD-2025-04482)
LunaSVG is a standalone C SVG rendering library. A security vulnerability exists in LunaSVG that stems from an allocation-size-too-big error found via the component plutovgsurfacecreate. No further vulnerability details are available at this time...
Information Leakage Vulnerability in the Safety Education and Training Information System of Nanjing Guanbao Technology Development Co., Ltd.
Nanjing Guanbao Technology Development Co., Ltd. is a high-tech enterprise focusing on computer hardware and software research and development, sales, service and system integration. There is an information leakage vulnerability in the security education and training information system of Nanjin...
File Upload Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
Shanghai Shangxun Information Technology Co., Ltd. is a leading provider specializing in information security technology. A file upload vulnerability exists in the Operations and Maintenance Management and Audit System of Shanghai Shangxun Information Technology Company Limited, which can be...
Apache Hadoop Code Injection Vulnerability
Apache Ambari is an application from the Apache USA Foundation that provides software to configure, manage and monitor Apache Hadoop clusters, simplifying Hadoop management. A code injection vulnerability exists in Apache Hadoop. The vulnerability is due to a vulnerability in the Ambari...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02436)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server that can be exploited by an attacker to cause MySQL Server to hang or crash frequently and...
Magma Null Pointer Dereference Vulnerability (CNVD-2025-15069)
Magma is an open source software platform from Magma Open Source that provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash the MME...
Microsoft Excel Code Problem Vulnerability (CNVD-2025-02829)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code issue vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain functionality...
Mattermost Mobile Apps Denial of Service Vulnerability (CNVD-2025-11092)
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A denial of service vulnerability exists in Mattermost Mobile Apps that stems from a failure to properly validate post props, which can be exploited by an attacker to cause the application to crash...
Mattermost Mobile Apps Denial of Service Vulnerability (CNVD-2025-11094)
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A denial of service vulnerability exists in Mattermost Mobile Apps that stems from the application failing to properly handle specially crafted attachment names. An attacker could use this vulnerability to cause the...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2025-02830)
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Jazz Foundation. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web ...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2025-02828)
Microsoft Office is a widely used office software suite that includes Word, Excel, PowerPoint, Visio, and other components that provide document editing, data analysis, presentation creation, and more. A remote code execution vulnerability exists in Microsoft Office Visio, which arises due to Use...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2025-02827)
Microsoft Office is a widely used office software suite that contains a variety of applications such as Word, Excel, PowerPoint and Visio. A remote code execution vulnerability exists in Microsoft Office Visio, which arises due to the use of incompatible types when accessing resources type...
Microsoft Access Remote Code Execution Vulnerability (CNVD-2025-02826)
Microsoft Access is a database management system widely used to create and manage database applications. A remote code execution vulnerability exists in Microsoft Access that originates from a Heap-based Buffer Overflow. An attacker could exploit this vulnerability to execute arbitrary code via...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02310)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit the vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...
Dell Display Manager Race Condition Vulnerability
Dell Display Manager is software for managing and adjusting Dell monitor settings. A race condition vulnerability exists in versions of Dell Display Manager prior to 2.3.2.20, which arises because shared resources are not properly synchronized during installation. An attacker could use...
Mattermost Mobile Apps Denial of Service Vulnerability (CNVD-2025-11093)
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. Mattermost Mobile Apps suffers from a denial of service vulnerability that stems from a failure to properly validate post attributes. An attacker could exploit the vulnerability to cause the application to crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02308)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02306)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server. An attacker can exploit the vulnerability to read a subset of MySQL Server accessible data...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02324)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02305)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02440)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02434)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02325)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit the vulnerability to update, insert, or delete access to some...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02321)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02320)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02313)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02309)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02433)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Dell VxRail Plaintext Password Storage Vulnerability
Dell VxRail is a hyper-converged infrastructure (HCI) solution jointly designed by Dell Technologies and VMware, optimized for VMware workloads for virtualized applications, cloud computing and hybrid cloud management. Dell VxRail suffers from a plaintext password storage vulnerability that could b...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30358)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a specially crafte...
Linksys E8450 action Parameter Buffer Overflow Vulnerability
The Linksys E8450 is an E-series wireless router from Linksys USA. A buffer overflow vulnerability exists in the Linksys E8450 v1.2.00.360516, which arises because the action parameter is copied to the stack without length validation, and can be exploited by a remote attacker to execute arbitrary...
Linksys E8450 id_email_check_btn Command Injection Vulnerability
The Linksys E8450 is a router from Linksys USA. A command injection vulnerability exists in the Linksys E8450 v1.2.00.360516, which stems from id_email_check_btn failing to correctly filter special characters and commands in constructed commands. An attacker can exploit this vulnerability to caus...