131179 matches found
HCL AION Information Disclosure Vulnerability (CNVD-2026-16409)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10670)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the email failedjob feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10668)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...
IBM ApplinX Data Forgery Issue Vulnerability
IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern Web-based applications. IBM ApplinX has a data forgery issue vulnerability that stems from improper JWT token validation, which can be exploited by an attacker to elevate...
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability that stems from incorrectly filtering input parameters, which can be exploited by a remote attacker t...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11737)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the modifyUser feature. An attacker could exploit the...
NVIDIA NSIGHT Graphics Operating System Command Injection Vulnerability
NVIDIA NSIGHT Graphics is a GPU graphics debugging and performance analysis tool from NVIDIA. NVIDIA NSIGHT Graphics suffers from an operating system command injection vulnerability that stems from a lack of input validation, which can be exploited by attackers to cause code execution, elevation ...
GNU InetUtils Telnetd Remote Authentication Bypass Vulnerability
GNU InetUtils telnetd is a telnet service daemon in the GNU InetUtils suite that listens on TCP port 23 and provides clients with plaintext terminal access based on the Telnet protocol. A remote authentication bypass vulnerability exists in GNU InetUtils Telnetd, which can be exploited to bypass...
WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability
WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11772)
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. A buffer overflow vulnerability exists in Adobe InDesign, which is caused by an access to an uninitialized pointer error, and can be exploited by an attacker to...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
WordPress GetContentFromURL plugin server-side request forgery vulnerability
The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...
GPAC vorbis_to_intern function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the vorbistointern function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC dump_ttxt_sample function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability , the vulnerability stems from the dumpttxtsample function fails to correctly validate the length of the input data size , an attacker can use this vulnerability to cause a denial of service...
GPAC pcmreframe_flush_packet function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that stems from the pcmreframeflushpacket function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
Mozilla Firefox and Mozilla Thunderbird denial-of-service vulnerabilities (CNVD-2026-23771)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
WordPress SearchWiz plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SearchWiz plugin that stems from the use of escattr instead of eschtml to output post titles in search results, whic...
Wondershare Dr. Fone Code Issue Vulnerability
Wondershare Dr. Fone is a one-stop solution for cell phones from China's Wanxing Wondershare. A code issue vulnerability exists in Wondershare Dr. Fone, which stems from an unquoted service path that can be exploited by an attacker to cause a local user to execute arbitrary code and elevate syste...
GPAC vobsub_get_subpic_duration function buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a buffer overflow vulnerability that stems from the vobsubgetsubpicduration function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Microsoft Windows File Explorer Information Disclosure Vulnerability
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Mozilla Firefox and Mozilla Firefox ESR code execution vulnerability (CNVD-2026-11799)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. A code execution vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR due to a use-after-release in...
Apache Kyuubi Directory Traversal Vulnerability
Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...
GPAC uncv_parse_config function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that originates from the uncvparseconfig function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC avi_parse_input_file function heap buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a heap buffer overflow vulnerability that stems from the aviparseinputfile function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
WordPress Gotham Block Extra Light plugin path traversal vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...
Adobe Dreamweaver License Issue Vulnerability
Adobe Dreamweaver is a professional web code editor and web development tool developed by Adobe. Adobe Dreamweaver suffers from an authorization issue vulnerability that can be exploited by attackers to execute arbitrary code on the system...
Huawei HarmonyOS and EMUI Clone Module Man-in-the-Middle Attack Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A man-in-the-middle attack vulnerability exists in the...
Mozilla Firefox and Mozilla Firefox ESR Buffer Overflow Vulnerability (CNVD-2026-11800)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. Mozilla Firefox and Mozilla Firefox ESR suffer from a buffer overflow vulnerability caused by incorrect bounda...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11803)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2026-11801)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Siemens Industrial Edge Devices authorization bypass vulnerability
Siemens Industrial Edge Devices are a series of industrial edge devices developed by the German company Siemens, used for on-site data processing and intelligent control. Siemens Industrial Edge Devices have a vulnerability related to authorization bypassing. This vulnerability stems from imprope...
WordPress SpiceForms Form Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SpiceForms Form Builder plugin, which stems from the lack of effective filtering and escaping of user-supplied data ...
GPAC oggdmx_parse_tags function out-of-bounds read vulnerability
GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the oggdmxparsetags function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
D-Link DIR-806A Command Injection Vulnerability
The D-Link DIR-806A is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...
WordPress Gotham Block Extra Light plugin cross-site scripting vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. The WordPress Gotham Block Extra Light plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress AJS Footnotes plugin cross-site scripting vulnerability
WordPress AJS Footnotes plugin is a plugin for WordPress designed to add aesthetically pleasing footnote features to posts or pages. The WordPress AJS Footnotes plugin suffers from a cross-site scripting vulnerability that stems from the lack of valid filtering and escaping of notelistclass and...
Huawei HarmonyOS Card Framework Module Multi-threaded Contest Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause availabili...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10674)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Microsoft Windows Cloud Files Mini Filter Driver elevation of privilege vulnerability (CNVD-2026-17154)
Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver due to an untrusted pointer dereference flaw in the Cloud Files Mini-Filter Driver component. An...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11802)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the mac2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate th...
GPAC Stack Buffer Overflow Vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the dmxsaf function failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of service...
ZTE MF258K Pro Configuration Flaw Vulnerability
The ZTE MF258K Pro is a 4G outdoor bridge kit from ZTE China. The ZTE MF258K Pro suffers from a configuration flaw vulnerability that stems from improperly set directory permissions, which can be exploited by an attacker to cause a write operation to be performed...
Adobe Substance 3D Modeler Null Pointer Dereference Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...
Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13984)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
Mozilla Firefox and Mozilla Thunderbird information leakage vulnerabilities (CNVD-2026-23770)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
WordPress Electric Studio Download Counter plugin cross-site scripting vulnerability
WordPress Electric Studio Download Counter plugin is a plugin for WordPress websites whose main function is to count and track the number of file downloads. The WordPress Electric Studio Download Counter plugin suffers from a cross-site scripting vulnerability that stems from the application's la...