130931 matches found
Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23774)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...
Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23775)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...
Huawei HarmonyOS hiview module missing data validation vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A missing data validation vulnerability exists in the Huawei HarmonyOS hiview module, which can be exploited by an attacker to cause availability to be...
Adobe Substance 3D Modeler null pointer dereference vulnerability (CNVD-2026-11768)
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...
GPAC Out-of-Bounds Read Vulnerability
GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the GSF demultiplexer filter component failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Adobe Substance 3D Modeler Null Pointer Dereference Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...
Mozilla Firefox and Mozilla Firefox ESR Buffer Overflow Vulnerability (CNVD-2026-11800)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. Mozilla Firefox and Mozilla Firefox ESR suffer from a buffer overflow vulnerability caused by incorrect bounda...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11803)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2026-11801)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Mozilla Firefox and Mozilla Firefox ESR code execution vulnerability (CNVD-2026-11799)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. A code execution vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR due to a use-after-release in...
WordPress Responsive Accordion Slider plugin unauthorized data modification vulnerability
WordPress Responsive Accordion Slider plugin is a WordPress plugin that combines the functionality of folding panels Accordion and rotating images Slider. The WordPress Responsive Accordion Slider plugin suffers from an unauthorized data modification vulnerability that stems from a lack of...
WordPress Short Link plugin cross-site scripting vulnerability
WordPress Short Link plugin is a class of tools for generating and managing short links Shortlinks. A cross-site scripting vulnerability exists in the WordPress Short Link plugin, which stems from insufficient input cleanup and output escaping of the shortlinkposttitle and shortlinkpagetitle...
Microsoft Windows SMB Server Denial of Service Vulnerability
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A denial of service vulnerability exists in Microsoft Windows SMB Server, which is caused d...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11806)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11802)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Mozilla Firefox and Mozilla Thunderbird denial-of-service vulnerabilities (CNVD-2026-23771)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate...
Huawei HarmonyOS Print Module Improper Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improper privilege control vulnerability exists in the Huawei HarmonyOS printing module, which can be exploited by an attacker to compromise confidentiali...
WordPress Kunze Law plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...
WordPress Flat Shipping Rate by City for WooCommerce plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanSpeed2 parameter in the fromAdvSetMacMtuWan function failing to correctly valida...
WordPress WP-CRM System plugin unauthorized access vulnerability
The WordPress WP-CRM System plugin is a Customer Relationship Management CRM tool designed for WordPress websites that allows users to manage customer data, tasks and projects directly from the WordPress backend. WordPress WP-CRM System plugin suffers from an unauthorized access vulnerability tha...
Mozilla Firefox and Mozilla Thunderbird code execution vulnerabilities (CNVD-2026-23773)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver, which can be exploited by an attacker to elevate privileges...
Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10859)
Adobe Substance 3D Modeler is a software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using digital clay-like intuitive tools.... Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...
Microsoft Windows NTFS Code Execution Vulnerability
Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...
GPAC uncv_parse_config function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that originates from the uncvparseconfig function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in the Microsoft Windows Ancillary Function Driver for WinSock due to a type obfuscation flaw in the auxiliary function driver for...
Microsoft Windows Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in the Microsoft Windows Tablet Windows User Interface TWINUI Subsystem, which can be exploited by attackers to obtain sensitive...
Microsoft Windows NTFS Code Execution Vulnerability (CNVD-2026-17156)
Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...
GPAC oggdmx_parse_tags function out-of-bounds read vulnerability
GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the oggdmxparsetags function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC avi_parse_input_file function heap buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a heap buffer overflow vulnerability that stems from the aviparseinputfile function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13984)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...
WordPress Electric Studio Download Counter plugin cross-site scripting vulnerability
WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...
WordPress Supreme Modules Lite plugin code issue vulnerability
WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...
Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege vulnerability (CNVD-2026-17154)
Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver due to an untrusted pointer dereference flaw in the Cloud Files Mini-Filter Driver component. An...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2026-11805)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Microsoft Graphics Kernel Competitive Conditions Issue Vulnerability
Microsoft Graphics Kernel is a kernel-mode graphics driver subsystem from Microsoft. A security vulnerability exists in Microsoft Graphics Kernel. An attacker could exploit the vulnerability to gain elevated privileges...
Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
Intern Membership Management System /add_admin.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...
Integer Overflow Vulnerability in Multiple Mozilla Products
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11772)
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the cloneType parameter of the sub65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker ...
Adobe Dreamweaver Desktop Input Validation Error Vulnerability (CNVD-2026-11774)
Adobe Dreamweaver Desktop is a web design and development software from the American company Audobee Adobe. Adobe Dreamweaver Desktop is vulnerable to an incorrect input validation error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the system...
D-Link DWR-M920 Command Injection Vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...
D-Link DWR-M920 sub_464794 function buffer overflow vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub464794 in the file /boafrm/formDefRoute, for which no detailed...
TRENDnet TEW-713RE Operating System Command Injection Vulnerability
The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...
D-Link DWR-M920 sub_42261C Function Stack Buffer Overflow Vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a stack buffer overflow vulnerability that stems from incorrect manipulation of the parameter ip6addr in the function sub42261C in the file /boafrm/formFilter, for which no detailed...