131179 matches found
Apple macOS Tahoe Injection Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an injection vulnerability that stems from a lack of adequate validation and cleanup of th...
ChurchCRM legacy endpoint SQL injection vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that originates from the unvalidated familyId parameter in legacy endpoints/Reports/ConfirmReportEmail.php, and no details of the vulnerability are provided at this time...
MailEnable Insecure DLL Loading Vulnerability
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
Unspecified Vulnerability in MailEnable (CNVD-2026-10887)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...
Unspecified Vulnerability in MailEnable
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable has a security vulnerability that can be exploited by attackers to cause local credential disclosure and account takeover...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14406)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnableMailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14405)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14404)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnableMailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14403)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from a MailEnable Insecure DLL Load vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14401)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14400)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
Class and Exam Timetable Management /preview7.php File SQL Injection Vulnerability
Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter courseyearsection/semester in the file...
Google Pixel elevation of privilege vulnerability (CNVD-2026-0269422)
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...
Class and Exam Timetable Management /index.php File SQL Injection Vulnerability
Class and Exam Timetable Management is a course and exam timetable management system. Class and Exam Timetable Management suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameters username/password in the file...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079510)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W has a buffer overflow vulnerability, the vulnerability stems fro...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14402)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
Google Pixel elevation of privilege vulnerability (CNVD-2026-0269323)
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...
IBM Aspera Orchestrator Denial of Service Vulnerability
IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. A denial of service vulnerability exists in IBM Aspera Orchestrator that stems from improper interaction frequency control, which can be exploited by an attacker to cause a denial of...
TeamViewer DEX Client Elevation of Privilege Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. An elevation of privilege vulnerability exists in TeamViewer DEX Client, which can be exploited by an attacker to cause elevation of privilege and execute arbitrary code...
IBM Aspera Orchestrator Unverified Password Change Vulnerability
IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. An unauthenticated password change vulnerability exists in IBM Aspera Orchestrator, which can be exploited by an attacker to make unauthorized changes to other users' passwords...
D-Link DIR-803 Information Disclosure Vulnerability
The D-Link DIR-803 is a wireless router from China's AUO D-Link. The D-Link DIR-803 suffers from an information disclosure vulnerability that originates from the incorrect operation of the parameter AUTHORIZEDGROUP in the file /getcfg.php of the component Configuration Handler, which can be...
Google Pixel elevation of privilege vulnerability (CNVD-2026-0269620)
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause physical elevation of privilege...
MailEnable Insecure DLL Loading Vulnerability (CNVD-2026-14399)
MailEnable is a Windows-based business e-mail server from MailEnable Australia. MailEnable suffers from an insecure DLL loading vulnerability that can be exploited by an attacker to cause local arbitrary code execution...
WordPress Addon Elements for Elementor Cross-Site Scripting Vulnerability
WordPress Addon Elements for Elementor is a plugin for the Elementor page builder designed to extend its functionality by providing additional widgets, templates and tools. WordPress Addon Elements for Elementor suffers from a cross-site scripting vulnerability that stems from the program's...
Simple Attendance Record System check.php File SQL Injection Vulnerability
Simple Attendance Record System is a simple attendance record system. Simple Attendance Record System suffers from a SQL injection vulnerability that originates from an unknown function in the /check.php file that mishandles the student parameter. An attacker can use this vulnerability to obtain ...
Computer Laboratory System admin_pic.php File Upload Vulnerability
Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from the mishandling of the image parameter by an unknown handler function in the /admin/adminpic.php file. An attacker can exploit this vulnerability to upload...
Student File Management System update_user.php File Cross-Site Scripting Vulnerability
Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079609)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W has a buffer overflow vulnerability that originates from the...
Student File Management System user_id Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...
Google Pixel elevation of privilege vulnerability (CNVD-2026-0269521)
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker to cause local elevation of privilege...
WordPress Video Merchant Cross-Site Request Forgery Vulnerability
WordPress Video Merchant is a once-existing WordPress plugin that is mainly used for managing and displaying video content. WordPress Video Merchant suffers from a cross-site request forgery vulnerability that stems from missing or incorrect random number validation, which can be exploited by an...
WordPress WP CarDealer Elevation of Privilege Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in WordPress WP CarDealer, which stems from insufficient user role registration restrictions, and can be exploited by an...
WordPress List category posts SQL Injection Vulnerability
WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...
WordPress RSS Aggregator by Feedzy Code Issue Vulnerability
WordPress RSS Aggregator by Feedzy is a lightweight plugin designed for WordPress that focuses on automatically grabbing content from external RSS feeds and syndicating it to your website. WordPress RSS Aggregator by Feedzy has a code issue vulnerability that stems from the existence of a blind...
WordPress Wp Job Portal Arbitrary File Read Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in WordPress Wp Job Portal, which stems from improper handling of the downloadCustomUploadedFile function, and can be exploited ...
WordPress db-access SQL Injection Vulnerability
WordPress db-access is the core part of the WordPress system that interacts with the database. WordPress db-access exists SQL injection vulnerability, the vulnerability stems from the lack of authorization for AJAX operations, an attacker can use this vulnerability by sending malicious SQL comman...
WordPress Widgets For Google Reviews Cross-Site Scripting Vulnerability
WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...
WordPress Upload.am Arbitrary Option Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An arbitrary option disclosure vulnerability exists in WordPress Upload.am, which stems from a lack of capability checking by the AJAX request processor, which can be...
WordPress Donation SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping, no details of the vulnerability are provided at this time...
Command Injection Vulnerability in FineReport, FineBI, and FineDataLink of SailSoft Software Ltd.
FineReport is a leading enterprise-grade web reporting tool.FineBI is a new generation of self-service BI tools.FineDataLink is a low-code/high-time-efficiency enterprise-grade one-stop data integration and governance platform product. A command injection vulnerability exists in FineReport, FineB...
NVIDIA Merlin Transformers4Rec Deserialization Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a deserialization vulnerability that originates from unsafe deserialization processing of serialized data submitted by a user when...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00679)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0013343)
Adobe Experience Manager is an enterprise-class content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability that originates from a low-privilege attacker who can inject malicious script into form fields, no details of the vulnerability are...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0012849)
Adobe Experience Manager is an enterprise-class content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from a stored cross-site scripting vulnerability in form fields, for which no detailed vulnerability details are currently...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0494065)
Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-0493967)
Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is enterprise-grade content management software CMS from Adobe for building, managing, and deploying digital experiences such as websites, mobile apps, digital assets, and forms. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from a...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00680)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00684)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00687)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...