131179 matches found
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10851)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device reboot during execution of the Achilles Comprehensive step limit storm test, and can be...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16631)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...
Tenda AX1803 Buffer Overflow Vulnerability (CNVD-2026-10638)
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. The Tenda AX1803 suffers from a buffer overflow vulnerability caused by incorrect boundary checking in the GetWifiGuestBasic function of the /goform/WifiGuestSet file. An attacker could exploit this vulnerability to execute...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10854)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from a device losing ICMP connectivity while performing a Burp Suite active scan, and can be exploited ...
TOTOLINK NR1800X Command Injection Vulnerability (CNVD-2026-11736)
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. The TOTOLINK NR1800X suffers from a command injection vulnerability, which stems from a misuse of the parameter...
Tenda AX1806 sub_4C408 function stack overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 sub4C408 function, which can be exploited by an attacker to cause a denial of service...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10849)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected device reboot during the execution of the Achilles Comprehensive limited storm test,...
Tenda W30E Information Disclosure Vulnerability
The Tenda W30E is a router from the Chinese company Tenda. The Tenda W30E suffers from an information disclosure vulnerability that can be exploited by an attacker to cause credential disclosure...
Rockwell Automation CompactLogix 5370 Denial of Service Vulnerability
Rockwell Automation CompactLogix 5370 is a programmable logic controller from Rockwell Automation. The Rockwell Automation CompactLogix 5370 suffers from a denial of service vulnerability that originates from sending a malformed CIP forward open message, which can be exploited by an attacker to...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10850)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which stems from the device being unresponsive during fuzzing tests using Defensics, and can be exploited by an attacker...
NVIDIA CUDA toolkit gfx_hotspot module command injection vulnerability
NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. The NVIDIA CUDA toolkit suffers from an operating system command injection vulnerability that stems from the failure of the gfxhotspot module of...
WordPress Plugin WP Directory Kit Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP Directory Kit has an information disclosure vulnerability, the vulnerabilit...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11753)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error and can be exploited by attackers to bypass security restrictions...
MedDream PACS Premium Cross-Site Scripting Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the sendOruReport feature. An attacker could exploit the...
WordPress Plugin WP FullCalendar Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP FullCalendar, which...
IBM Licensing Operator Elevation of Privilege Vulnerability
IBM Licensing Operator is a component of International Business Machines IBM that automates the collection of management data. An elevation of privilege vulnerability exists in IBM Licensing Operator that can be exploited by an attacker to cause a local elevation of privilege within a container...
Google Chrome Code Execution Vulnerability (CNVD-2026-11751)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by free usage in ANGLE. An attacker can exploit the vulnerability to execute arbitrary code on a system...
IBM Concert Information Disclosure Vulnerability (CNVD-2026-10661)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
IBM Concert Information Disclosure Vulnerability (CNVD-2026-10662)
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
IBM ApplinX Cross-Site Request Forgery Vulnerability (CNVD-2026-10656)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is from a...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10852)
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected reboot of the device during execution of the Achilles EtherNet/IP Step Limits Storms...
IBM ApplinX Information Disclosure Vulnerability (CNVD-2026-10653)
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An information disclosure vulnerability exists in IBM ApplinX, which can be exploited by attackers to obtain sensitive information...
Microsoft Office Code Execution Vulnerability (CNVD-2026-16161)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16627)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL for MySQL Server and MySQL Cluster, which can be exploited by attackers to cause a denial of service...
WordPress Plugin Contact Form 7 GetResponse Extension Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Contact Form 7 GetRespon...
IBM ApplinX Unauthorized Access Vulnerability
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. An unauthorized access vulnerability exists in IBM ApplinX that stems from insufficient server-side enforcement of client-side security, which could be...
WordPress Plugin CubeWP - All-in-One Dynamic Content Framework Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin CubeWP - All-in-One...
WordPress Plugin ABG Rich Pins Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ABG Rich Pins, no detailed...
IBM Aspera Console Log Message Disclosure Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. IBM Aspera Console suffers from a log information disclosure vulnerability that originates from the storage of...
WordPress Plugin Booking Ultra Pro Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Booking Ultra Pro, which...
Rockwell Automation ArmorStart LT Denial of Service Vulnerability
Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which can be exploited by an attacker to cause a denial of service due to an unexpected reboot of the device during...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16629)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability in Oracle MySQL's MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0 can be exploited ...
WordPress Plugin Cargus Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Cargus, which originates...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16630)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a denial ...
IBM Concert Code Issue Vulnerability
IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11755)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11750)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient enforcement of new policies on the network, which can be exploited by an attacker to obtain potentially sensitive information via web log files...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16638)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0, which c...
NVIDIA CUDA toolkit code issue vulnerability
NVIDIA CUDA toolkit is a toolkit from NVIDIA, Inc. It provides a development environment for creating high-performance GPU-accelerated applications. A security vulnerability exists in NVIDIA CUDA Toolkit, which can be exploited by an attacker to cause arbitrary code to be executed with the same...
MedDream PACS Premium Arbitrary File Read Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...
Unspecified Vulnerability in Oracle MySQL (CNVD-2026-16628)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server versions 9.0.0 through 9.5.0, which can be exploited by attackers to cause a partial...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11752)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation in Blink, which can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2026-11754)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...
Unspecified Vulnerability in HCL AION (CNVD-2026-16406)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused due to improper handling of host headers that enable host header injection. An attacker can exploit the vulnerability to allow malicious file uploads, resulting in...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10667)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...
Unspecified Vulnerability in HCL AION (CNVD-2026-16410)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...
Unspecified Vulnerability in HCL AION (CNVD-2026-16407)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...
HCL AION Security Bypass Vulnerability (CNVD-2026-16404)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that is caused by a JWT token that expires too long increasing the risk of token misuse. An attacker can exploit the vulnerability to cause unauthorized access...
HCL AION File Upload Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a file upload vulnerability that can be exploited by an attacker to upload malicious files leading to arbitrary code execution or system compromise...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16405)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability, which is due to cachable HTTP responses leading to accidental storage of sensitive or dynamic content. An attacker can exploit the vulnerability to gain access to sensiti...