Intel CIP Improper Access Control Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...

Intel CIP Input Validation Error Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an input validation error vulnerability that stems from improper input validation, which can be exploited by an attacker to cause information...

WordPress Payments Braintree For WooCommerce plugin authorization bypass vulnerability

WordPress Payments Braintree For WooCommerce plugin is a payment plugin designed specifically for WordPress websites, which supports payments done through both PayPal and credit cards. The WordPress Payments Braintree For WooCommerce plugin suffers from an authorization bypass vulnerability that...

Tenda AC18 ssid parameter cross-site scripting vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by th...

Tenda AX-1803 sub_4F55C function stack buffer overflow vulnerability

Tenda AX-1803 is a dual-band Gigabit WiFi6 wireless router from Tenda that supports dual bands of 2.4GHz and 5GHz with a maximum transmission rate of 1774Mbps for home or small office scenarios. The Tenda AX-1803 suffers from a stack buffer overflow vulnerability that originates from the wanMTU...

Tenda AX3 saveParentControlInfo function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability, which stems from the deviceId parameter of t...

Tenda AX3 get_parentControl_list_Info function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the urls parameter in th...

Tenda AX3 wlSetExternParameter function stack buffer overflow vulnerability

Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the wpapskcrypto paramet...

WordPress CTL Arcade Lite plugin cross-site request forgery vulnerability

WordPress CTL Arcade Lite plugin is a WordPress plugin for creating professional-grade arcade game websites with support for ad management, social sharing, leaderboards and more. The WordPress CTL Arcade Lite plugin suffers from a cross-site request forgery vulnerability, which originates from a...

Intel QAT Windows software buffer overflow vulnerability (CNVD-2025-30759)

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A buffer overflow vulnerability exists in the Intel QAT Windows software, which originates from a buffer...

Adobe Substance3D Stager Memory Misreference Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2025-28722)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability caused by an incorrect boundary condition in the Graphics:WebGPU component, which can be exploited by an attacker to execute arbitrary code ...

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-28652)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28718)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR due to a race condition in the Graphics component that can be exploited by an attacker to execute...

Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability (CNVD-2025-28717)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Firefox and Firefox ESR suffer from a buffer overflow vulnerability that stems from an incorrect boundary condition in a JavaScript WebAssembly component, which can be...

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...

Adobe InCopy Heap Buffer Overflow Vulnerability

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-29930)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28715)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Workers component. An attacker can exploit this...

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus. An attacker can use this vulnerability to view, add, modify, or...

Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29699)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

Adobe Illustrator on iPad Integer Dive Vulnerability (CNVD-2025-28650)

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. Adobe Illustrator on iPad suffers from an integer sneak vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28713)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which is caused by a WebRTC Audio/Video component reuse after release issue, and can be exploited by a...

SAP Business Connector Cross-Site Scripting Vulnerability (CNVD-2025-29169)

SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector due to improper validation of user-supplied input in the PRTG Web Monitor web interface. An attacker could exploit the vulnerability to access or modify information with...

Microsoft Nuance PowerScribe 360 Information Disclosure Vulnerability

Microsoft Nuance PowerScribe 360 is a medical image reporting system for speech recognition, report generation and workflow management in radiology. An information disclosure vulnerability exists in Microsoft Nuance PowerScribe 360, which is due to improper authorization validation. An attacker...

Mozilla Firefox Code Execution Vulnerability (CNVD-2025-28720)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that originates from a compilation error in the JIT component of the JavaScript Engine, which can be exploited by an attacker to execute...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29962)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Ivanti Endpoint Manager Privilege Issues Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a privilege issue...

Unspecified Vulnerability in AXIS OS

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...

Rockwell Automation FactoryTalk DataMosaix Private Cloud Cross-Site Scripting Vulnerability

Rockwell Automation FactoryTalk DataMosaix Private Cloud is an industrial data platform product from Rockwell Automation USA. Rockwell Automation FactoryTalk DataMosaix Private Cloud suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29933)

Microsoft Excel is a powerful spreadsheet software developed by Microsoft. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...

SAP Business Connector Input Validation Error Vulnerability

SAP Business Connector is a middleware from SAP, Germany. An input validation error vulnerability exists in SAP Business Connector, which can be exploited by an attacker to disclose sensitive information and cause unauthorized operations...

Intel CIP Information Disclosure Vulnerability (CNVD-2025-28673)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an information disclosure vulnerability that stems from mismanagement of privileges, which can be exploited by an attacker to cause information...

Adobe Illustrator on iPad Out-of-Bounds Write Vulnerability

Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Microsoft Configuration Manager Elevation of Privilege Vulnerability

Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up-to-date, set configuration and security policies, and monitor system status. An elevation of privilege vulnerability exists in Microsoft...

WordPress Easy Email Subscription plugin cross-site scripting vulnerability

The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-29964)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...

Mozilla Firefox Code Execution Vulnerability (CNVD-2025-28723)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which stems from a memory security issue and can be exploited by an attacker to execute arbitrary code on a system...

WordPress Plugin Astra Security Suite - Firewall & Malware Scan Authorization Issues Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress plugin Astra Security Suite -...

Adobe InCopy Memory Misreference Vulnerability (CNVD-2025-28654)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe InCopy, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

SAP Business Connector Path Traversal Vulnerability

SAP Business Connector is a middleware from SAP, Germany. SAP Business Connector suffers from a path traversal vulnerability that can be exploited by an attacker to traverse directories on the system to read, write, overwrite, and delete arbitrary files on the host system...

Mozilla Firefox and Firefox ESR Code Execution Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which stems from a post-release reuse issue in the Audio/Video component, and can be exploited by an...

WordPress Coon Maps plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Coon Maps plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29698)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...

Tenda AX-1803 SetSysTimeCfg function stack buffer overflow vulnerability

Tenda AX-1803 is a dual-band Gigabit WiFi6 wireless router from Tenda that supports dual bands of 2.4GHz and 5GHz with a maximum transmission rate of 1774Mbps for home or small office scenarios. The Tenda AX-1803 suffers from a stack buffer overflow vulnerability that originates from the time...

Unspecified Vulnerability in WordPress Plugin TNC Toolbox Web Performance

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...

Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2025-29343)

Microsoft Visual Studio is a family of development toolkits from Microsoft Corporation in the United States and is a fundamentally complete set of development tools. A remote code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an attacker to execute code on t...

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-848882)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

QNAP File Station 5 Unlimited or Unthrottled Resource Allocation Vulnerability (CNVD-2025-30286)

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited or Unthrottled Resource Allocation vulnerability, which can be exploited by an attacker to prevent other systems,...

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...