UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-72551)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
Unspecified vulnerability in WordPress plugin metasync
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a server based on PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin metasync, which stems from a...
WordPress Plugin Simple User Registration Access Control Error Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a server based on PHP and MySQL. A WordPress plugin is an application plugin. An access control error vulnerability exists in the WordPress plugin Simple User...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69427)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-69425)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
SQL Injection Vulnerability in SQLBot of Hangzhou Feizhiyun Information Technology Co.
SQLBot is an intelligent questioning system based on large models and RAG. Hangzhou Feizhiyun Information Technology Co., Ltd. SQLBot suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
Information Leakage Vulnerability in E3 Omni-Channel Central Platform of Shanghai Esaote Software Co.
E3 Omni-Channel Middle is an omni-channel new retail solution product for medium and large enterprises. Shanghai Esaote Software Co., Ltd. E3 Omni-Channel Middleware suffers from an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...
StudioCMS Information Disclosure Vulnerability (CNVD-2026-18155)
StudioCMS is an open source content management system. StudioCMS suffers from an information disclosure vulnerability that stems from broken object-level authorization in the content management functionality, which can be exploited by an attacker to cause a user with...
Mozilla Firefox Code Execution Vulnerability (CNVD-2026-11797)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability due to a use-after-free in the Layout: Scroll and Overflow component. An attacker can exploit this vulnerability to execute arbitrary code...
Delta Electronics DIAView Command Injection Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics, mainly used in SCADA systems. A command injection vulnerability exists in Delta Electronics DIAView, which can be exploited by an attacker to execute arbitrary commands on the system...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16681)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server that can be exploited by attackers to cause a denial of service...
Rockwell Automation CompactLogix 5370 Denial of Service Vulnerability
Rockwell Automation CompactLogix 5370 is a programmable logic controller from Rockwell Automation. The Rockwell Automation CompactLogix 5370 suffers from a denial of service vulnerability that originates from sending a malformed CIP forward open message, which can be exploited by an attacker to...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which can be exploited by an attacker to cause a denial of service due to an unexpected reboot of the device during...
Tenda AX1806 sub_4C408 function stack overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 sub_4C408 function, which can be exploited by an attacker to cause a denial of service...
Tenda W30E Information Disclosure Vulnerability
The Tenda W30E is a router from the Chinese company Tenda. The Tenda W30E suffers from an information disclosure vulnerability that can be exploited by an attacker to cause credential disclosure...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11753)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error and can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11750)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11752)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation in Blink, which can be exploited by attackers to bypass security restrictions...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10852)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected reboot of the device during execution of the Achilles EtherNet/IP Step Limits Storms...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11754)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10850)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which stems from the device being unresponsive during fuzzing tests using Defensics, and can be exploited by an attacker...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10849)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected device reboot during the execution of the Achilles Comprehensive limited storm test,...
WordPress Plugin WP FullCalendar Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP FullCalendar, which...
WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...
WordPress Plugin Cargus Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Cargus, which originates...
WordPress Plugin Contact Form 7 GetResponse Extension Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Contact Form 7 GetRespon...
Tenda AX1803 Buffer Overflow Vulnerability (CNVD-2026-10638)
Tenda AX1803 is a dual-band Gigabit WiFi6 router from Tenda, a Chinese company. The Tenda AX1803 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the GetWifiGuestBasic function of the /goform/WifiGuestSet file. An attacker could exploit this vulnerability to execute...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10851)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device reboot during execution of the Achilles Comprehensive step limit storm test, and can be...
MedDream PACS Premium Cross-Site Scripting Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the sendOruReport feature. An attacker could exploit the...
IBM Aspera Console Log Message Disclosure Vulnerability
IBM Aspera Console is a web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera server nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...
IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2026-10656)
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is from a...
NVIDIA CUDA toolkit gfx_hotspot module command injection vulnerability
NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfx_hotspot module of...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16627)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL for MySQL Server and MySQL Cluster, which can be exploited by attackers to cause a denial of service...
IBM ApplinX Unauthorized Access Vulnerability
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10854)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device losing ICMP connectivity while performing a Burp Suite active scan, and can be exploited ...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11755)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...
IBM Licensing Operator Elevation of Privilege Vulnerability
IBM Licensing Operator is a component from International Business Machines (IBM) that automates the collection of management data. An elevation of privilege vulnerability exists in IBM Licensing Operator that can be exploited by an attacker to cause a local elevation of privilege within a container...
WordPress Plugin Booking Ultra Pro Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Booking Ultra Pro, which...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16629)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability in Oracle MySQL's MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0 can be exploited ...
WordPress Plugin ABG Rich Pins Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ABG Rich Pins, no detailed...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16631)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...
IBM Concert Information Disclosure Vulnerability (CNVD-2026-10661)
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...
IBM Concert Information Disclosure Vulnerability (CNVD-2026-10662)
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16630)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16628)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a partial...
Google Chrome Code Execution Vulnerability (CNVD-2026-11751)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by a use-after-free in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...
WordPress Plugin WP Directory Kit Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. WordPress plugin WP Directory Kit has an information disclosure vulnerability, the vulnerabilit...
IBM ApplinX Information Disclosure Vulnerability (CNVD-2026-10653)
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. An information disclosure vulnerability exists in IBM ApplinX, which can be exploited by attackers to obtain sensitive information...
IBM ApplinX Cross-Site Scripting Vulnerability
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause credential disclosure...