131179 matches found
SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-986300)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-986298)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Google Chrome elevation of privilege vulnerability (CNVD-2025-30386)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome prior to version 143.0.7499.41, which stems from an improper implementation of Google Updater and could lead to an elevation of privilege attack. No details of the vulnerability are...
SQL Injection Vulnerability in PM2 Project Management Platform of Beijing Bangyong Technology Co. Ltd (CNVD-C-2025-983218)
Ltd. is a professional project management software provider, providing advanced and practical project management software and project management informationization related consulting. SQL injection vulnerability exists in the PM2 project management platform of Beijing BangYong Technology Co., Ltd...
Google Chrome Use After Release Vulnerability (CNVD-2026-07245)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a use-after-free vulnerability that stems from Storage objects being accessed even after they have been released prematurely. An attacker could use this vulnerability to trick a user into visiting a specially craft...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-980402)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
ZEIT Next.js Remote Code Execution Vulnerability
Next.js is a React framework for building full-stack web applications. ZEIT Next.js suffers from a remote code execution vulnerability that stems from Next.js versions 15.x and 16.x relying on a flawed React server-side DOM package when using App Router, which can be exploited by an attacker to...
NVIDIA TAO Resource Loading Vulnerability
NVIDIA TAO is NVIDIA's tool suite for machine learning model development and deployment. NVIDIA TAO suffers from a resource loading vulnerability that can be exploited by attackers to cause elevation of privilege, data tampering, denial of service, and information disclosure hazards...
Meta React Server Components Remote Code Execution Vulnerability
React Server Components is a new component model in the React Framework that allows components to run and render on the server and not execute in the client browser. Meta React Server Components has a remote code execution vulnerability that stems from a lack of security checks when parsing...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30457)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from...
Socomec DIRIS Digiware M-70 Buffer Overflow Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a buffer overflow vulnerability that originates fro...
Grav path traversal vulnerability (CNVD-2025-30353)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in the path of a resource or...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976455)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Unspecified Vulnerability in Devolutions Server
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an unspecified vulnerability that originates from exposing credentials...
Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...
Apache bRPC Denial of Service Vulnerability (CNVD-2026-00022)
Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from a denial of service vulnerability due to an uncontrolled recursion flaw in the json2pb component. An attacker could exploit the...
Apache Kvrocks Information Disclosure Vulnerability
Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an information disclosure vulnerability that stems from the MONITOR command disclosing plaintext credentials. An attacker could exploit this vulnerability to obtain sensitive...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30454)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
WordPress StreamTube Core plugin arbitrary user password change vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary user password change vulnerability exists in the WordPress StreamTube Core plugin that originates from providing user-controlled access to objects, allowing a user ...
Apache CloudStack Access Control Error Vulnerability (CNVD-2025-30565)
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An Access Control Error vulnerability exists in Apache CloudStack tha...
Devolutions Server SQL Injection Vulnerability
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976466)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976462)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Unspecified Vulnerability in Devolutions Server (CNVD-2025-30126)
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. An unspecified vulnerability exists in Devolutions Server that stems from a non-administrativ...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30453)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
Huawei HarmonyOS Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the memory management module and can be exploite...
Huawei HarmonyOS file management module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...
Grav Cross-Site Scripting Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
WordPress Nextend Social Login and Register plugin cross-site request forgery vulnerability
WordPress Nextend Social Login and Register plugin is a free WordPress plugin designed to simplify the registration and login process for website users. A cross-site request forgery vulnerability exists in the WordPress Nextend Social Login and Register plugin, which arises from a web application...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976459)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Socomec DIRIS Digiware M-70 Cross-Site Request Forgery Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A cross-site request forgery vulnerability exists in the Socomec DIRIS Digiware M-70 that stems...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30459)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
WordPress Arconix Shortcodes plugin cross-site scripting vulnerability
WordPress Arconix Shortcodes plugin is a plugin that provides a wide range of shortcode functionality for WordPress websites. WordPress Arconix Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976458)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976469)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30456)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from a...
Grav Path Traversal Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that stems from a path traversal sequence that causes an account YAML file to write to the wrong path. An...
Grav Path Traversal Vulnerability (CNVD-2025-30350)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a path traversal vulnerability that can be exploited by a low-privileged user to read server files, which can be exploited by an attacke...
Grav Server-Side Template Injection Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause arbitrary code execution...
Grav Authorization Issues Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an authorization issue vulnerability that stems from improper authorization checking, which can be exploited by an attacker to cause for...
Grav User Enumeration and Email Disclosure Vulnerabilities
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a user enumeration and email disclosure vulnerability that can be exploited by attackers to enumerate users and disclose sensitive email...
Grav elevation of privilege vulnerability (CNVD-2025-30354)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which can be exploited to cause an elevation of privilege due to a lack of user name uniqueness...
LIVE555 Streaming Media Heap Buffer Overflow Vulnerability (CNVD-2025-30509)
LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a heap buffer overflow vulnerability that stems...
LIVE555 Streaming Media Buffer Overflow Vulnerability
LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a buffer overflow vulnerability that stems from...
LIVE555 Streaming Media Null Pointer Dereference Vulnerability
LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media has a null pointer dereference vulnerability that originates...
Socomec DIRIS Digiware M-70 Plaintext Transfer Vulnerability
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. The Socomec DIRIS Digiware M-70 suffers from a plaintext transmission vulnerability that...
LIVE555 Streaming Media Post-Release Reuse Vulnerability (CNVD-2025-30510)
LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a post-release reuse vulnerability that stems fr...
Huawei HarmonyOS Denial of Service Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from a denial of service in Office Services, and can be exploited by an attack...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976472)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...