Unauthorized Access Vulnerability in KingH5Stream of Beijing Asian Control Technology Development Co.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. An unauthorized access vulnerability exists in...
Unauthorized Access Vulnerability in Kingh5stream of Beijing Asian Control Technology Development Co.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. An unauthorized access vulnerability exists in...
Dell NativeEdge Elevation of Privilege Vulnerability
Dell NativeEdge is a software provided by Dell for managing and configuring network devices. A security vulnerability exists in Dell NativeEdge. An attacker could exploit the vulnerability to locally access the system with low privileges, resulting in elevated privileges...
IBM Engineering Lifecycle Optimization-Engineering Insights Information Disclosure Vulnerability
IBM Engineering Lifecycle Optimization - Engineering Insights ENI is a collaborative, Web-based application from IBM. An information disclosure vulnerability exists in IBM Engineering Lifecycle Optimization - Engineering Insights. The vulnerability is due to the fact that the affected version cou...
DELL NativeEdge Information Disclosure Vulnerability (CNVD-2025-1751479)
DELL NativeEdge is an edge operations software platform from Dell Technologies designed to simplify the deployment, management and secure scaling of edge computing environments. An information disclosure vulnerability exists in DELL NativeEdge. An attacker could exploit this vulnerability to caus...
Hospital Management System index.php File SQL Injection Vulnerability
Hospital Management System is a hospital management system. Hospital Management System has a SQL injection vulnerability that originates from the manipulation of username/password parameters in the login component of the /admin/index.php file. No details of the vulnerability are available at this ti...
Dell ECS Buffer Overflow Vulnerability
Dell ECS Elastic Cloud Storage is an enterprise-class cloud-scale object storage platform from Dell Technologies. A buffer overflow vulnerability exists in Dell ECS. The vulnerability is due to an arithmetic overflow in the ECS's retention period processing. An attacker could exploit the...
TOTOLINK A3002R Remote Code Injection Vulnerability
The TOTOLINK A3002R is a wireless dual-band Gigabit router. A remote code injection vulnerability exists in the TOTOLINK A3002R. The vulnerability is due to the ability to execute remote code in /bin/boa via formWsc in the affected version. An attacker can exploit this vulnerability to remotely...
Google Chrome Type Obfuscation Vulnerability (CNVD-2025-1712275)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type obfuscation vulnerability that stems from the presence of type obfuscation in V8. No detailed vulnerability details are provided at this time...
Google Vertex AI Information Disclosure Vulnerability
Google Vertex AI is a Google Cloud console tool from Google USA for rapid prototyping and testing of generative AI models. Google Vertex AI suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited...
Apple macOS Information Disclosure Vulnerability (CNVD-2025-10915)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS suffers from an information disclosure vulnerability that can be exploited by an attacker to view protected content from a login window...
Fortinet FortiWLM Path Traversal Vulnerability (CNVD-2024-4963848)
Fortinet FortiWLM is a wireless manager from Fortinet, Inc. Fortinet FortiWLM suffers from a path traversal vulnerability that stems from the program failing to properly filter for specific elements in the path to a resource or file. An attacker could use this vulnerability to execute unauthorize...
Fortinet FortiManager Operating System Command Injection Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...
Adobe ColdFusion path traversal vulnerability (CNVD-2025-0256230)
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability, which arises when the program fails to...
Google Android elevation of privilege vulnerability (CNVD-2025-02971)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Google Chrome Code Execution Vulnerability (CNVD-2025-00208)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2025-00306)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...
IBM Cognos Analytics Input Validation Error Vulnerability (CNVD-2025-00307)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. An input validation...
IBM Security Directory Integrator Operating System Command Injection Vulnerability
IBM Security Directory Integrator is an integrated development environment and runtime service from International Business Machines IBM. IBM Security Directory Integrator suffers from an operating system command injection vulnerability that stems from the application's failure to properly filter...
IBM Storage Defender Plaintext Transfer Vulnerability
IBM Storage Defender is a solution from International Business Machines IBM that provides end-to-end data resiliency. A plaintext transfer vulnerability exists in IBM Storage Defender versions 2.0.0 through 2.0.9, which stems from the presence of keys stored in plaintext and can be exploited by a...
IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2025-00312)
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA. An information disclosure vulnerability exists in IBM Robotic Process Automati...
Discourse cross-site scripting vulnerability (CNVD-2024-4963986)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
IBM MQ Denial of Service Vulnerability (CNVD-2025-00308)
IBM MQ is a messaging middleware product from International Business Machines IBM. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A denial of service vulnerability exists in IBM MQ versions 8.1.0 through 8.1.0.25, which stems from...
JetBrains TeamCity Image Name Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
Unspecified Vulnerability in JetBrains TeamCity
JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. A security vulnerability exists in JetBrains TeamCity that stems from an access token not being revoked after removing a user role. No details of the vulnerability are provided at th...
IBM Cognos Analytics File Upload Vulnerability (CNVD-2025-00968)
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics...
JetBrains TeamCity Content-Type Header Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
JetBrains TeamCity Unauthorized Access Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an unauthorized...
Unspecified Vulnerability in JetBrains TeamCity
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A security vulnerability exists in JetBrains...
JetBrains TeamCity Code Issue Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A code issue vulnerability exists in JetBrains...
JetBrains TeamCity Improper Access Control Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an improper access...
Dell Inventory Collector Incorrect Link Resolution Before File Access Vulnerability
Dell Inventory Collector is a tool provided by Dell for collecting device information, mainly used to collect system information such as hardware configuration, operating system version, service packs, and so on from client systems. Dell Inventory Collector suffers from an incorrect link resoluti...
IBM Security Guardium Server-Side Request Forgery Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.5 suffers from a server-si...
Discourse authorization issue vulnerability (CNVD-2024-4964085)
Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse has an authorization issue vulnerability that stems from improper privilege management of the Filter Email List feature in the...
IBM MQ Appliance Buffer Overflow Vulnerability (CNVD-2025-00311)
The IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from International Business Machines IBM. A buffer overflow vulnerability exists in IBM MQ Appliance versions 9.3 LTS, 9.3 CD, and 9.4 LTS, which originates when a message is written to...
Google Chrome Code Execution Vulnerability (CNVD-2025-00210)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by out-of-bounds memory access in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Google Chrome Code Execution Vulnerability (CNVD-2025-00209)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
IBM Storage Defender Trust Management Issues Vulnerability
IBM Storage Defender is a solution from International Business Machines IBM that provides end-to-end data resiliency. A trust management issue vulnerability exists in IBM Storage Defender versions 2.0.0 through 2.0.9, which stems from the resiliency service not properly validating certificates, a...
Google Chrome Code Execution Vulnerability (CNVD-2025-00207)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by type confusion in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Apache Traffic Control SQL Injection Vulnerability
Apache Traffic Control is a set of distributed, scalable content delivery solutions from the Apache Foundation of the United States. The product is mainly used to build large-scale content delivery networks. Apache Traffic Control suffers from a SQL injection vulnerability that stems from a lack of...
Craft CMS Unauthenticated Remote Code Execution Vulnerability
Craft CMS is a user-friendly, web-based content management system for creating and managing website content. Craft CMS has a security vulnerability due to register_argc_argv being enabled in the PHP configuration, which can be exploited by an attacker to execute arbitrary code and take control of...
JetBrains TeamCity Improper Access Control Vulnerability
JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. JetBrains TeamCity suffers from an improper access control vulnerability that stems from allowing to view details of unauthorized agents. No detailed vulnerability details are provid...
PbootCMS Code Injection Vulnerability (CNVD-2025-0171060)
PbootCMS is an open source enterprise building content management system (CMS) developed using the PHP language. A code injection vulnerability exists in PbootCMS version 3.2.3 and earlier versions; the vulnerability stems from apps/home/controller/IndexController.php page t...
Dell PowerStore Parameter Injection Vulnerability
Dell PowerStore is a scalable all-flash array storage from Dell USA. The Dell PowerStore suffers from a parameter injection vulnerability that originates from improper parameter delimiter neutralization, which can be exploited by an attacker to modify arbitrary system files...
Foxit Reader 3D Page Object Memory Misreference Vulnerability
Foxit Reader is a PDF document reader from Foxit, a Chinese company. A memory misreference vulnerability exists in Foxit Reader version 2024.3.0.26795, which arises from a messed up instruction in a 3D page object responsible for freeing memory. An attacker could use this vulnerability to cause...
Rockwell Automation Power Monitor 1000 Device Takeover Vulnerability
Rockwell Automation Power Monitor 1000 is a power monitor from Rockwell Automation. A security vulnerability exists in Rockwell Automation Power Monitor 1000 versions prior to 4.020, which can be exploited by an attacker to configure a new policyholder user without any authentication through the...
Unspecified vulnerability in Linux kernel (CNVD-2024-4921122)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel has a security vulnerability that can be exploited by attackers to cause resource exhaustion...
Unspecified vulnerability in Linux kernel (CNVD-2024-4920726)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that can be exploited by attackers to cause a system crash...
Unauthorized Access Vulnerability in StarRocks Database System of Beijing Mirror Boat Technology Co.
StarRocks database system is a new generation of open source, extremely fast, full-scene MPP (Massively Parallel Processing) database. There is an unauthorized access vulnerability in the StarRocks database system of Beijing Mirror Boat Technology Co. Ltd, which can be exploited by attackers to obta...