Adobe Creative Cloud Desktop Application Denial of Service Vulnerability (CNVD-2026-10898)

Adobe Creative Cloud Desktop Application is a suite of applications for managing applications and services in the Creative Cloud Membership Management Center from Adobe USA. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...

Siemens RUGGEDCOM ROX II Command Injection Vulnerability

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by a flaw in the dynamic DNS configuration process. An attacker can exploit the vulnerability to execute...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00689)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...

NVIDIA Merlin Transformers4Rec Deserialization Vulnerability

NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a deserialization vulnerability that originates from unsafe deserialization processing of serialized data submitted by a user when...

Siemens SIMATIC CN 4100 Command Injection Vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. The Siemens SIMATIC CN 4100 suffers from a command injection vulnerability that stems from insufficient validation of REST API input parameters, which can be exploited by an attacker to cause execution of arbitrary code...

AzeoTech DAQFactory Out-of-Bounds Write Vulnerability

AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, Inc. and commonly used in industrial automation. AzeoTech DAQFactory suffers from an out-of-bounds write vulnerability that originates from an out-of-bounds write to a memory buffer, which can be exploited by...

AzeoTech DAQFactory Out-of-Bounds Read Vulnerability

AzeoTech DAQFactory is a data acquisition and monitoring software developed by AzeoTech, Inc. and commonly used in industrial automation. AzeoTech DAQFactory suffers from an out-of-bounds read vulnerability that originates from out-of-bounds reading of memory buffer data, which can be exploited b...

Siemens SIMATIC CN 4100 Access Control Error Vulnerability

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. The Siemens SIMATIC CN 4100 suffers from an Access Control Error vulnerability that originates when the USB port allows an unauthenticated connection, which can be exploited by an attacker to cause a denial of service...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-30925)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...

Adobe ColdFusion XML External Entity References Improperly Restricted Vulnerability (CNVD-2026-0494343)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an improperly restricted XML external entity...

Adobe DNG Software Development Kit (SDK) Out-of-Bounds Read Vulnerability

Adobe DNG Software Development Kit SDK is a software development kit from the American company Audobee Adobe. The Adobe DNG Software Development Kit SDK contains an out-of-bounds read vulnerability that can be exploited by attackers to obtain sensitive information or cause a denial of service...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00680)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

NVIDIA NVTabular Deserialization Vulnerability

NVIDIA NVTabular is a component of a deep learning recommender system framework from NVIDIA, USA. A deserialization vulnerability exists in NVIDIA NVTabular, which arises from unsafe deserialization of serialized data received from users by the Workflow component and can be exploited by an attack...

Adobe DNG Software Development Kit (SDK) Heap Buffer Overflow Vulnerability

Adobe DNG Software Development Kit SDK is a software development kit from the American company Audobee Adobe. The Adobe DNG Software Development Kit SDK contains a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause an application...

Google Chrome Reuse After Release Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a post-release reuse vulnerability that stems from post-release reuse in the password manager. An attacker can exploit this vulnerability to perform a sandbox escape...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-30927)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012750)

Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...

Adobe DNG Software Development Kit (SDK) Input Validation Error Vulnerability

Adobe DNG Software Development Kit SDK is a software development kit from the American company Audobee Adobe. An input validation error vulnerability exists in Adobe DNG Software Development Kit SDK, which can be exploited by an attacker to execute arbitrary code on a system or cause an applicati...

Microsoft Word Code Execution Vulnerability (CNVD-2025-30662)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to execute arbitrary code on a system...

MailEnable Id Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

Microsoft Windows Routing and Remote Access Service Remote Code Execution Vulnerability

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft USA that is used to implement features such as network routing, virtual private networks VPNs and dial-up connections. A remote code execution vulnerability exists in Microsoft Windows Routing and Remote Acces...

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2026-14410)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...

WordPress Actionwear products sync plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Actionwear products sync plugin, no details of the vulnerability are provided at this time...

WordPress ArtPlacer Widget plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress ArtPlacer Widget plugin that stems from the application's lack of validation of externally entered SQL statements. No...

WordPress Auto Alt Text plugin cross-site request forgery vulnerability

WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text AltText for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...

MailEnable Failed Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

MailEnable AddressesTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

MailEnable FieldCc Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

MailEnable FieldTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

MailEnable InstanceScope Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

MailEnable Message Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...

Microsoft Outlook Resource Management Error Vulnerability

Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A security vulnerability exists in Microsoft Outlook. An attacker could exploit the vulnerability to remotely execute code...

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Download Manager, which...

WordPress Plugin EventPrime Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin EventPrime, which can be...

WordPress Plugin Geo Controller Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

WordPress plugin Shortcodes and extra features for Phlox theme information leakage vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Shortcodes and extra...

WordPress Plugin WP EasyCart Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP EasyCart, which...

WordPress Plugin Portfolio and Projects Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Portfolio and Projects,...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30653)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30654)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30655)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30656)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30658)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to execute arbitrary code on the system...

Microsoft Office Code Execution Vulnerability (CNVD-2025-30660)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Word Code Execution Vulnerability (CNVD-2025-30661)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Word Code Execution Vulnerability (CNVD-2025-30663)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

WordPress AdForest plugin missing authorization vulnerability

WordPress AdForest plugin is a popular classified ads solution for building an online classified ads platform on your WordPress website. WordPress AdForest plugin suffers from a missing authorization vulnerability that stems from an improperly configured access control security level. No detailed...