131179 matches found
WordPress Testimonials Creator plugin cross-site scripting vulnerability
WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...
Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...
Buffer overflow vulnerability in multiple Mozilla products (CNVD-2026-11804)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-08747)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...
WordPress Short Link plugin cross-site scripting vulnerability
WordPress Short Link plugin is a class of tools for generating and managing short links Shortlinks. A cross-site scripting vulnerability exists in the WordPress Short Link plugin, which stems from insufficient input cleanup and output escaping of the shortlinkposttitle and shortlinkpagetitle...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18590)
Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. The Dell PowerProtect Data Domain suffers from an operating system command injection vulnerability that originates from improper...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
Microsoft Windows SMB Server Denial of Service Vulnerability
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A denial of service vulnerability exists in Microsoft Windows SMB Server, which is caused d...
WordPress LinkedIn SC plugin cross-site scripting vulnerability
WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...
D-Link DI-8200G Command Injection Vulnerability
The D-Link DI-8200G is an enterprise router from China-based AUO D-Link. The D-Link DI-8200G suffers from a command injection vulnerability due to manipulation of a path parameter in an unknown function in the /upgradefilter.asp file. An attacker could exploit this vulnerability to execute...
WordPress Stopwords for comments plugin cross-site request forgery vulnerability
The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...
Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CNVD-2026-17152)
Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10677)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10675)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10680)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10681)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server, which can b...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10679)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10678)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10858)
Adobe Substance 3D Modeler is a software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using digital clay-like intuitive tools.... Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the cloneType parameter of the sub65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker ...
Tenda AX1806 sub_65A28 function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the serviceName parameter of the sub65A28 function failing to properly validate the length size of the input data, which can be exploited by an attacke...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the mac parameter of the sub65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the sub65B5C function's wanSpeed parameter failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...
Microsoft Graphics Component Resource Management Error Vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker could exploit this vulnerability to gain elevated privileges...
Tenda AX1806 sub_4CA50 function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the security5g parameter in the sub4CA50 function failing to properly validate the length size of the input data, which can be exploited by an attacker...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the cloneType2 parameter in the fromAdvSetMacMtuWan function failing to properly valida...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the failure of the serviceName2 parameter in the fromAdvSetMacMtuWan function to proper...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanSpeed2 parameter in the fromAdvSetMacMtuWan function failing to correctly valida...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate...
Microsoft Windows NTFS Code Execution Vulnerability (CNVD-2026-17156)
Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...
Microsoft Windows Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in the Microsoft Windows Tablet Windows User Interface TWINUI Subsystem, which can be exploited by attackers to obtain sensitive...
Adobe Substance 3D Modeler null pointer dereference vulnerability (CNVD-2026-11768)
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. Adobe Substance 3D Modeler suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a denial of service...
Microsoft Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Cloud Files Mini Filter Driver is a cloud file filter driver from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Cloud Files Mini Filter Driver, which can be exploited by an attacker to elevate privileges...
Adobe InDesign Out-of-Bounds Read Vulnerability (CNVD-2026-11767)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2026-11770)
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a heap buffer overflow vulnerability that originates from a partial overwrite of heap memory, which can be exploited by an attacker to...
Microsoft Windows NTFS Code Execution Vulnerability
Microsoft Windows NTFS is a file system from Microsoft USA that serves computer files. The file system has error warning, disk self-healing and logging capabilities. A code execution vulnerability exists in Microsoft Windows NTFS, which can be exploited by an attacker to execute arbitrary code on...
Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability
Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the username parameter of the add-users.php endpoint not adequately handling the input, no details of the vulnerability are available at...
WordPress Kunze Law plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
Adobe Substance 3D Modeler Out-of-Bounds Write Vulnerability (CNVD-2026-10859)
Adobe Substance 3D Modeler is a software focused on 3D sculpting that allows users to create 3D models in both desktop and VR environments using digital clay-like intuitive tools.... Adobe Substance 3D Modeler suffers from an out-of-bounds write vulnerability that can be exploited by an attacker ...
WordPress Responsive Accordion Slider plugin unauthorized data modification vulnerability
WordPress Responsive Accordion Slider plugin is a WordPress plugin that combines the functionality of folding panels Accordion and rotating images Slider. The WordPress Responsive Accordion Slider plugin suffers from an unauthorized data modification vulnerability that stems from a lack of...
WordPress Float Payment Gateway plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...
WordPress Aplazo Payment Gateway plugin missing privileges vulnerability
WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...
WordPress Internal Link Builder plugin cross-site scripting vulnerability
WordPress Internal Link Builder plugin is a tool used to help webmasters create internal links on WordPress sites. WordPress Internal Link Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability (CNVD-2026-10873)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
GPAC Out-of-Bounds Read Vulnerability
GPAC is an open source multimedia framework. GPAC suffers from an out-of-bounds read vulnerability that stems from the GSF demultiplexer filter component failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
Huawei HarmonyOS Print Module Improper Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improper privilege control vulnerability exists in the Huawei HarmonyOS printing module, which can be exploited by an attacker to compromise confidentiali...
Cyber Cafe Management System add-users.php Endpoint SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input, no details of the vulnerability are available at...
Huawei HarmonyOS Multimode Input Module Double Release Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A double-release vulnerability exists in the Huawei HarmonyOS multimode input module, which can be exploited by an attacker to cause input functionality to b...
Huawei HarmonyOS Thermal Management Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS thermal management module, which can be exploited by an attacker to caus...