Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav server-side template injection vulnerability (CNVD-2025-30352)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that stems from insufficient regular expression validation of the cleanDangerousTwig...
Grav path traversal vulnerability (CNVD-2025-30353)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in the path of a resource or...
Grav Resource Management Error Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30453)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30454)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30455)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30456)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from a...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30457)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30458)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30459)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
LIVE555 Streaming Media Heap Buffer Overflow Vulnerability (CNVD-2025-30509)
LIVE555 Streaming Media is a cross-platform C++ open source library that provides solutions for streaming media applications and supports a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a heap buffer overflow vulnerability that stems...
Apache CloudStack Access Control Error Vulnerability (CNVD-2025-30565)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An Access Control Error vulnerability exists in Apache CloudStack tha...
WordPress Arconix Shortcodes plugin cross-site scripting vulnerability
WordPress Arconix Shortcodes plugin is a plugin that provides a wide range of shortcode functionality for WordPress websites. WordPress Arconix Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress Nextend Social Login and Register plugin cross-site request forgery vulnerability
WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...
WordPress StreamTube Core plugin arbitrary user password change vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-00138)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
Huawei HarmonyOS/EMUI Access to Invalid Memory Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. An access to...
Grav Path Traversal Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from a path traversal sequence that causes an account YAML file to be written to the wrong path. An...
Grav User Enumeration and Email Disclosure Vulnerabilities
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976457)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
Huawei HarmonyOS Authentication Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in Huawei HarmonyOS, which stems from an authentication bypass in the Gallery application, and can be exploited...
LIVE555 Streaming Media Use-After-Free Vulnerability
LIVE555 Streaming Media is a cross-platform C++ open source library that provides solutions for streaming media applications and supports a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a use-after-free vulnerability that stems fr...
Huawei HarmonyOS App Lock Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS App Lock module, which can be exploited by attackers to affect availability...
Grav Insecure Direct Object Reference Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav has an insecure direct object reference vulnerability that stems from the application not correctly implementing the access control...
Grav Code Execution Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...
Apache Kvrocks Information Disclosure Vulnerability
Apache Kvrocks is a distributed key-value NoSQL database from the Apache Foundation in the United States. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...
Grav elevation of privilege vulnerability (CNVD-2025-30354)
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which can be exploited to cause an elevation of privilege due to a lack of user name uniqueness...
Huawei HarmonyOS Denial of Service Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from a denial of service in Office Services, and can be exploited by an attack...
Huawei HarmonyOS screen recording framework module memory misreference vulnerability (CNVD-2025-30254)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...
Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...
Huawei HarmonyOS Configuration Flaw Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A configuration flaw vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the file management module, and can be exploited by a...
LIVE555 Streaming Media Use-After-Free Vulnerability (CNVD-2025-30510)
LIVE555 Streaming Media is a cross-platform C++ open source library that provides solutions for streaming media applications and supports a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a use-after-free vulnerability that stems fr...
Unspecified Vulnerability in Devolutions Server (CNVD-2025-30126)
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...
Huawei HarmonyOS file management module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...
LIVE555 Streaming Media Null Pointer Dereference Vulnerability
LIVE555 Streaming Media is a cross-platform C++ open source library that provides solutions for streaming media applications and supports a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media has a null pointer dereference vulnerability that originates...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30296)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the boot recovery module, and can be exploited b...
Grav Authorization Issues Vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an authorization issue vulnerability that stems from improper authorization checking, which can be exploited by an attacker to cause for...
Huawei HarmonyOS/EMUI Use-After-Free Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A use-after-free...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30299)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which arises from improper privilege control of distributed components and can be exploited by ...
Socomec DIRIS Digiware M-70 Buffer Overflow Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a buffer overflow vulnerability that originates fro...
Socomec DIRIS Digiware M-70 Cross-Site Request Forgery Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A cross-site request forgery vulnerability exists in the Socomec DIRIS Digiware M-70 that stems...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-948730)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
TRENDnet TEW-657BRM Command Injection Vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. The TRENDnet TEW-657BRM suffers from a command injection vulnerability that is caused by a flaw in the setup.cgi binary file. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system...
Cisco Catalyst Center Virtual Appliance Access Control Error Vulnerability
Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco. The Cisco Catalyst Center Virtual Appliance suffers from an Access Control Error vulnerability that stems from insufficient validation of user input. An attacke...
WordPress houzez cross-site scripting vulnerability
WordPress houzez is a WordPress theme designed for real estate brokers and companies, providing powerful Elementor integration, listing management, map search and other features, supporting multi-language and currency conversion, aiming to create a professional and user-friendly real estate...
Cisco Catalyst Center Virtual Appliance Input Validation Error Vulnerability
Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco. An input validation error vulnerability exists in the Cisco Catalyst Center Virtual Appliance that stems from improper validation of HTTP request parameters in...