131179 matches found
Apache Kvrocks Elevation of Privilege Vulnerability
Apache Kvrocks is a distributed key-value NoSQL database from the Apache USA Foundation. Apache Kvrocks suffers from an elevation of privilege vulnerability that is caused by improper privilege management in the RESET command. An attacker can exploit this vulnerability to gain administrator...
Grav Elevation of Privilege Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from an elevation of privilege vulnerability, which stems from a password hash disclosure, and can be exploited by an attacker to cause...
Huawei HarmonyOS/EMUI Post-Release Reuse Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A post-release...
Huawei HarmonyOS/EMUI Access to Invalid Memory Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. An access to...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-00138)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
Huawei HarmonyOS file management module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS file management module, which can be exploited by an attacker to compromise service...
Huawei HarmonyOS video-related system service module denial of service vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in the Huawei HarmonyOS video-related system service module, which can be exploited by attackers to affect...
Huawei HarmonyOS screen recording framework module memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30300)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the printing module and can be exploited by an...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30296)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the boot recovery module, and can be exploited b...
Huawei HarmonyOS screen recording framework module memory misreference vulnerability (CNVD-2025-30254)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS screen recording framework module, which can be exploited by attackers to affect...
Huawei HarmonyOS Authentication Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in Huawei HarmonyOS, which stems from an authentication bypass in the Gallery application, and can be exploited...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30299)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which arises from improper privilege control of distributed components and can be exploited by ...
Huawei HarmonyOS Configuration Flaw Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A configuration flaw vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the file management module, and can be exploited by a...
Huawei HarmonyOS Security Checks for Improper Standards Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Improper Security Check Criteria vulnerability that originates from an improper security check criterion for the call module...
ChurchCRM Time-Based Blind SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from temporal blind SQL injection, which can be exploited by an attacker to cause data disclosure and modification, deterministic server-side latency...
Grav Insecure Direct Object Reference Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav has an insecure direct object reference vulnerability, the vulnerability stems from the application does not correctly implement the access control...
LIVE555 Streaming Media Post-Release Reuse Vulnerability
LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media suffers from a post-release reuse vulnerability that stems fr...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976457)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Grav denial of service vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a denial of service vulnerability that stems from insufficient input validation, which can be exploited by an attacker to cause a denial...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30455)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70, which stems from th...
Grav server-side template injection vulnerability (CNVD-2025-30342)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that can be exploited by an attacker to cause disclosure of the entire Grav configuration...
Socomec Easy Config System Authentication Bypass Vulnerability
Socomec Easy Config System is a free software tool developed by Socomec for fast, reliable and flexible configuration of its power monitoring and measurement equipment. An authentication bypass vulnerability exists in Socomec Easy Config System, which stems from an authentication bypass in the us...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30346)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30302)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Notepad module, and can be exploited by an...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Huawei HarmonyOS Privilege Control Vulnerability (CNVD-2025-30295)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in Huawei HarmonyOS, which stems from improper privilege control of the Wi-Fi module and can be exploited by an...
Grav Code Execution Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...
Grav server-side template injection vulnerability (CNVD-2025-30352)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a server-side template injection vulnerability that stems from insufficient regular expression validation of the cleanDangerousTwig...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Socomec DIRIS Digiware M-70 Denial of Service Vulnerability (CNVD-2025-30458)
The Socomec DIRIS Digiware M-70 is a communication gateway device that serves as an access point for the DIRIS Digiware system, which combines 24VDC power and communication functions in a single unit. A denial of service vulnerability exists in the Socomec DIRIS Digiware M-70 that stems from the...
Grav Resource Management Error Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a resource management error vulnerability that stems from insufficient input cleanup, which can be exploited by an attacker to cause a...
Huawei HarmonyOS App Lock Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS App Lock module, which can be exploited by attackers to affect availability...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-948730)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Apache Hive SQL Injection Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...
Cisco Catalyst Center Operating System Command Injection Vulnerability
Cisco Catalyst Center Cisco DNA Center is a network management system from the American company Cisco. Cisco Catalyst Center Cisco DNA Center suffers from an operating system command injection vulnerability that stems from insufficient user input validation. An attacker could exploit this...
Cisco Catalyst Center Cross-Site Scripting Vulnerability
Cisco Catalyst Center Cisco DNA Center is a network management system from the American company Cisco. Cisco Catalyst Center suffers from a cross-site scripting vulnerability that stems from insufficient user input validation. An attacker could exploit the vulnerability to cause cross-site...
Cisco Catalyst Center Virtual Appliance Input Validation Error Vulnerability
Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco Cisco. An input validation error vulnerability exists in the Cisco Catalyst Center Virtual Appliance that stems from improper validation of HTTP request parameters in...
ZTE ElasticNet UME R32 on Linux Mismanagement of Privileges Vulnerability
ZTE ElasticNet UME R32 is a service management and traffic processing platform from China's ZTE Corporation ZTE. A mismanagement of privileges vulnerability exists in ZTE ElasticNet UME R32 on Linux, which can be exploited by an attacker to gain access to functionality that is not properly...
Wireshark Buffer Overflow Vulnerability (CNVD-2025-30215)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark version 4.6.0 suffers from a buffer overflow vulnerability that stems from a BPv7 pars...
WordPress TAX SERVICE Electronic HDM Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress TAX SERVICE Electronic HDM, which stems from a lack of authorization and CSRF checks in AJAX operations. An attacker...
TRENDnet TEW-657BRM Command Injection Vulnerability
The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. The TRENDnet TEW-657BRM suffers from a command injection vulnerability that is caused by a flaw in the setup.cgi binary file. An attacker can exploit this vulnerability to execute arbitrary operating system commands on the system...
Cisco Catalyst Center Virtual Appliance Access Control Error Vulnerability
Cisco Catalyst Center Virtual Appliance is a network controller and automated management platform from the American company Cisco Cisco. The Cisco Catalyst Center Virtual Appliance suffers from an Access Control Error vulnerability that stems from insufficient validation of user input. An attacke...
WordPress houzez cross-site scripting vulnerability
WordPress houzez is a WordPress theme designed for real estate brokers and companies, providing powerful Elementor integration, listing management, map search and other features, supporting multi-language and currency conversion, aiming to create a professional and user-friendly real estate...
WordPress Ace Post Type Builder plugin unauthorized custom taxonomy removal vulnerability
WordPress Ace Post Type Builder plugin is a plugin for creating and managing Custom Post Types CustomPostTypes,CPT, which helps users to extend the content structure in WordPress with support for advanced features such as custom fields, categories and tags. WordPress Ace Post Type Builder plugin...
FastAdmin Arbitrary File Read Vulnerability of Shenzhen Extreme Creative Technology Co.
FastAdmin is an open source and free commercial backend development framework, built on ThinkPHP and Bootstrap, with a comprehensive permission management system and one-click generation of CRUD and other powerful features. Shenzhen Extreme Creative Technology Co. FastAdmin arbitrary file reading...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
WordPress iframe plugin cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...