130931 matches found
MedDream PACS Premium Arbitrary File Read Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...
Microsoft Office Code Execution Vulnerability (CNVD-2026-16161)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16638)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0, which c...
NVIDIA CUDA toolkit code issue vulnerability
NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...
IBM Concert Code Issue Vulnerability
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16405)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability, which is due to cacheable HTTP responses leading to accidental storage of sensitive or dynamic content. An attacker can exploit the vulnerability to gain access to sensiti...
HCL AION Security Bypass Vulnerability (CNVD-2026-16404)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability caused by a JWT token whose expiry time is too long, which increases the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10667)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...
Unspecified Vulnerability in HCL AION (CNVD-2026-16407)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...
Unspecified Vulnerability in HCL AION (CNVD-2026-16410)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16409)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...
Unspecified Vulnerability in HCL AION (CNVD-2026-16406)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability caused by improper handling of Host headers, which enables host header injection. An attacker can exploit the vulnerability to allow malicious file uploads, resulting in...
HCL AION File Upload Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a file upload vulnerability that can be exploited by an attacker to upload malicious files leading to arbitrary code execution or system compromise...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10670)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the email failedjob feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11737)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the modifyUser feature. An attacker could exploit the...
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10668)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...
IBM ApplinX Data Forgery Issue Vulnerability
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...
NVIDIA NSIGHT Graphics Operating System Command Injection Vulnerability
NVIDIA NSIGHT Graphics is a GPU graphics debugging and performance analysis tool from NVIDIA. NVIDIA NSIGHT Graphics suffers from an operating system command injection vulnerability that stems from a lack of input validation, which can be exploited by attackers to cause code execution, elevation ...
GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability
GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...
Huawei HarmonyOS Video Framework Module Multi-threaded Race Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Video Framework module, which can be exploited by an attacker to cause...
Huawei HarmonyOS Multimode Input Module Double Free Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-free vulnerability exists in the Huawei HarmonyOS multimode input module, which can be exploited by an attacker to cause input functionality to b...
Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability
Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the username parameter of the add-users.php endpoint not adequately handling the input. No details of the vulnerability are available at...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability (CNVD-2026-13996)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability
Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the uadd parameter of the add-users.php endpoint not sufficiently sanitizing or encoding user input, and for which no detailed...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10858)
Adobe Substance 3D Modeler is software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using intuitive, digital clay-like tools. Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10681)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server, which can b...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-08747)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...
Huawei HarmonyOS Camera Framework Module Multi-threaded Race Condition Vulnerability (CNVD-2026-13992)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...
Huawei HarmonyOS Thermal Management Module Multi-threaded Race Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS thermal management module, which can be exploited by an attacker to caus...
Huawei HarmonyOS Card Framework Module Multi-threaded Race Condition Vulnerability (CNVD-2026-13987)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
ZTE MF258K Pro Configuration Flaw Vulnerability
The ZTE MF258K Pro is a 4G outdoor bridge kit from ZTE China. The ZTE MF258K Pro suffers from a configuration flaw vulnerability that stems from improperly set directory permissions, which can be exploited by an attacker to cause a write operation to be performed...
Adobe Dreamweaver Authorization Issue Vulnerability
Adobe Dreamweaver is a professional web code editor and web development tool developed by Adobe. Adobe Dreamweaver suffers from an authorization issue vulnerability that can be exploited by attackers to execute arbitrary code on the system...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2026-11770)
Adobe InDesign is a professional desktop publishing software developed by Adobe for page layout in print and digital media. Adobe InDesign suffers from a heap buffer overflow vulnerability that originates from a partial overwrite of heap memory, which can be exploited by an attacker to...
Adobe InDesign Out-of-Bounds Read Vulnerability (CNVD-2026-11767)
Adobe InDesign is a set of layout and editing applications from the American company Adobe. Adobe InDesign suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information...
Buffer overflow vulnerability in multiple Mozilla products (CNVD-2026-11804)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation. Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Apache Kyuubi Directory Traversal Vulnerability
Apache Kyuubi is a distributed SQL gateway from the Apache Software Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...
Huawei HarmonyOS and EMUI Clone Module Man-in-the-Middle Attack Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A man-in-the-middle attack vulnerability exists in the...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10675)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Tenda AX1806 sub_4CA50 function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the sub_4CA50 function failing to properly validate the length of the input data in the security5g parameter, which can be exploited by an attacker...
GPAC dump_ttxt_sample function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that stems from the dump_ttxt_sample function failing to correctly validate the length of the input data. An attacker can use this vulnerability to cause a denial of service...
D-Link DI-8200G Command Injection Vulnerability
The D-Link DI-8200G is an enterprise router from China-based D-Link. The D-Link DI-8200G suffers from a command injection vulnerability due to manipulation of a path parameter in an unknown function in the /upgradefilter.asp file. An attacker could exploit this vulnerability to execute...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10680)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10677)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
D-Link DIR-806A Command Injection Vulnerability
The D-Link DIR-806A is a wireless router from China's D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...