131179 matches found
Huawei HarmonyOS file preview module permission control vulnerability
Huawei HarmonyOS is a distributed operating system developed by Huawei. It is primarily used for intelligent terminal devices, providing cross-device collaboration and a unified experience. The Huawei HarmonyOS file preview module has a permission control vulnerability. This vulnerability stems...
Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-26866)
Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the context of the current user...
Adobe InDesign Desktop Null Reference Deletion Vulnerability (CNVD-2026-26867)
Adobe InDesign is a typesetting and editing application developed by Adobe, a company based in America. Adobe InDesign has a null pointer dereferencing vulnerability, which can be exploited by attackers to cause a denial-of-service attack...
Adobe InDesign Null Pointer Reference Vulnerability (CNVD-2026-26868)
Adobe InDesign is a typesetting and editing application developed by Adobe, a company based in America. Adobe InDesign has a null pointer dereferencing vulnerability, which can be exploited by attackers to cause a denial-of-service attack...
Microsoft Excel information leakage vulnerability (CNVD-2026-24917)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is an information leakage vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to obtain sensitive information...
Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-24901)
Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the current user environment...
Tenda W15E formPortalAuth function buffer overflow vulnerability
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E version 15.11.0.10 has a buffer overflow vulnerability. This vulnerability stems from the faulty handling of the gotoUrl parameter in the formPortalAuth function, which fails to properly validate the length ...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24903)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Huawei HarmonyOS Access Control Vulnerability (CNVD-2026-23807)
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing seamless experiences across devices and memory management capabilities. There is an access control vulnerability in the package management module of Huawei HarmonyOS. The cause of this...
Huawei HarmonyOS browser kernel denial-of-service vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei. It primarily offers seamless collaboration across devices, intelligent experiences in various scenarios, and security features. Huawei HarmonyOS has a denial-of-service vulnerability. This vulnerability stems fr...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24188)
Adobe InDesign Desktop is a professional desktop publishing and page layout design software. Adobe InDesign Desktop has a heap buffer overflow vulnerability. This vulnerability arises because the program fails to properly handle data in malicious files. Attackers can exploit this vulnerability by...
Huawei HarmonyOS Print Module Permission Control Vulnerability
Huawei HarmonyOS is a distributed operating system designed for various scenarios, primarily providing features such as cross-device collaboration, intelligent connectivity, and secure operation environments. The print module of Huawei HarmonyOS has a permission control vulnerability, which stems...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24902)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Hyper-V Code Execution Vulnerability (CNVD-2026-24919)
Microsoft Hyper-V is an application developed by the American company Microsoft. It is a system management program that enables desktop virtualization. There is a code execution vulnerability in Microsoft Hyper-V, and attackers can exploit this vulnerability to execute arbitrary code on the syste...
Huawei HarmonyOS SMS app path traversal vulnerability
Huawei HarmonyOS is an operating system developed by Chinese company Huawei. It is a full-scenario distributed operating system based on a microkernel architecture. The Huawei HarmonyOS SMS app contains a path traversal vulnerability, which can be exploited by attackers to compromise the system’s...
Tenda W15E formAddWebAuthWhiteUser function: Buffer overflow vulnerability in the webAuthWhiteUserInfo parameter
Tenda W15E is a wireless router produced by the Chinese company Tenda. The Tenda W15E has a buffer overflow vulnerability in the webAuthWhiteUserInfo parameter. Attackers can exploit this vulnerability to cause denial-of-service attacks through specially crafted HTTP requests...
Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2026-25587)
FortiSandbox is a security sandbox product provided by Fortinet, primarily used for detecting and analyzing malware. Fortinet FortiSandbox has a vulnerability related to OS command injection. This vulnerability stems from an inability to properly neutralize the special elements used in OS command...
Huawei HarmonyOS package management access control error vulnerability
Huawei HarmonyOS is a distributed operating system developed by Huawei Corporation. It is designed for comprehensive scenarios and primarily offers features such as cross-device collaboration, security protection, and intelligent services. There is an access control vulnerability in the package...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24908)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe InDesign Desktop stack buffer overflow vulnerability (CNVD-2026-24184)
Adobe InDesign Desktop is a professional publishing layout and page design software, primarily used for printing and digital publication creation. Adobe InDesign Desktop has a stack buffer overflow vulnerability, which stems from insufficient input validation, leading to out-of-bound writing of...
Adobe InCopy buffer overflow vulnerability (CNVD-2026-24182)
Adobe InCopy is a professional text editing and typesetting software, primarily used for creating and editing content in collaboration with Adobe InDesign. Adobe InCopy has a security vulnerability that stems from improper handling of malicious files, leading to out-of-bound memory writes...
Microsoft Excel code execution vulnerability (CNVD-2026-24916)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute arbitrary code on the system...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24904)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Excel code execution vulnerability (CNVD-2026-24913)
Microsoft Excel is a spreadsheet software within the Office suite developed by the American company Microsoft. There is a code execution vulnerability in Microsoft Excel, and attackers can exploit this vulnerability to execute code locally...
Adobe Substance3D Sampler out-of-bound write vulnerability (CNVD-2026-24899)
Adobe Substance3D Sampler is a rendering software for 3D scenes developed by Adobe Inc. Adobe Substance3D Sampler has a out-of-bounds write vulnerability, allowing attackers to execute arbitrary code within the current user environment...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24906)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24907)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager Cross-Site Script Vulnerability (CNVD-2026-24909)
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Microsoft Office Code Execution Vulnerability (CNVD-2026-24912)
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a code execution vulnerability in Microsoft Office, which is caused by improper...
Adobe InDesign Desktop heap buffer overflow vulnerability (CNVD-2026-24187)
Adobe InDesign Desktop is a professional desktop publishing application, primarily used for page layout design in print and digital media. Adobe InDesign Desktop has a buffer overflow vulnerability that stems from improper handling of malicious files during user interactions. Attackers can exploi...
Microsoft Windows DNS Permission Elevation Vulnerability (CNVD-2026-24189)
Microsoft Windows DNS is a domain name resolution service provided by Microsoft Corporation in the United States. The Domain Name System DNS is one of the industry-standard protocol suites that includes TCP/IP. Both DNS clients and DNS servers work together to provide name resolution services,...
Huawei EMUI and Huawei HarmonyOS have vulnerabilities related to input validation.
Huawei HarmonyOS EMUI is a microkernel-based distributed operating system developed by Huawei, offering seamless collaboration across devices. There are input validation vulnerabilities in Huawei EMUI and Huawei HarmonyOS. These vulnerabilities stem from the log service’s failure to properly hand...
Mozilla Focus for iOS and Mozilla Klar for iOS have cross-site scripting vulnerabilities
Mozilla Focus for iOS and Mozilla Klar for iOS are mobile web browsers designed with privacy protection in mind by the American Mozilla Foundation. Both browsers have cross-site scripting vulnerabilities. These vulnerabilities arise due to improper input validation during the Webkit navigation...
Microsoft ASP.NET Core resource management error vulnerability
Microsoft ASP.NET Core is a cross-platform open-source framework developed by Microsoft. This framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. There are security vulnerabilities in Microsoft ASP.NET Core. Attackers can exploit...
WordPress plugin WP Meta Sort Posts cross-site request fraud vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP Meta Sort Posts plugin has a cross-site request...
WordPress plugin WPMobi has a cross-site request forgeing vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The wpMobi plugin has a...
WordPress plugin WP-Ultimate-Map has a cross-site request forgeing vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP-Ultimate-Map plugin has a cross-site request...
The WordPress plugin WPForms has an unknown vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a security vulnerability in the WPForms plugin. This vulnerability stems from...
WordPress plugin WP Emoticon Rating cross-site request fraud vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WP Emoticon Rating plugin has a cross-site reques...
WordPress plugin: WP GDPR Cookie consent and cross-site scripting vulnerabilities
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WP GDPR Cookie Consent plugin has a cross-site...
The WordPress plugin Events for GeoDirectory has an unknown vulnerability.
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in the Events Calendar...
WordPress Plugin Custom Block Builder Cross-Site Script Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a website. The WordPress Plugin Custom Block Builder has a cross-site...
The WordPress plugin 6Storage Rentals has an unknown vulnerability.
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in WordPress Plugin...
WordPress Plugin Recover Exit For WooCommerce file contains a vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance functionality of the platform. The "Recover Exit For WooCommerce"...
Apache HTTP Server buffer overflow vulnerability (CNVD-2026-23635)
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a buffer overflow vulnerability present in Apache HTTP Server, but detailed informatio...
Apache HTTP Server infinite loop vulnerability
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...
Apache HTTP Server memory allocation overflow vulnerability
The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server features speed, reliability, and the ability to be expanded through simple APIs. There is a vulnerability in Apache HTTP Server where excessive memory allocation exists;...
jflyfox jfinal_cms SQL injection vulnerability
jfinalcms is a content management system used for managing website sections, articles, and feedback content. jflyfox jfinalcms has a SQL injection vulnerability. The vulnerability arises due to the list function in the AdvicefeedbackController.java file not properly filtering the orderBy paramete...
Apache HTTP Server memory error reference vulnerability
The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. The Apache HTTP Server has a memory corruption vulnerability. Attackers can exploit this...
UOS Desktop 20 Professional of Tongxin Software Technology Co., Ltd has a local privilege escalation vulnerability.
Tongxin Software Technology Co., Ltd. hereinafter referred to as “Tongxin Software” is a Chinese operating system development company. It is a national high-tech enterprise and a gazelle enterprise. Its main business includes the research and development of desktop operating systems, server...