131179 matches found
D-Link DWR-M920 operating system command injection vulnerability
The D-Link DWR-M920 is a wireless router that provides network connectivity and configuration management functions. The D-Link DWR-M920 has a command injection vulnerability. This vulnerability stems from the sub412DA0 function in the file/boafrm/formIMEISetup failing to properly validate the...
Google Chrome Reading List Permission Elevation Vulnerability
Google Chrome is a cross-platform web browser developed by Google, offering fast and secure access to the internet. There is a permission escalation vulnerability in Google Chrome’s Reading List feature on iOS. This vulnerability stems from insufficient validation of untrusted inputs. Attackers c...
Beijing Xin'an Century Technology Co., Ltd.'s AG Security Access Gateway has a command execution vulnerability.
Beijing Xin'an Century Technology Co., Ltd. referred to as Xin'an Century was established in August 2001. It is a leading provider of information security products and solutions in China. Beijing Xin'an Century Technology Co., Ltd. has a command execution vulnerability in its AG security access...
GPAC Denial-of-Service Vulnerability (CNVD-2026-23411)
GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contained a denial-of-service vulnerability. This vulnerability stemmed from a segmentation violation in the gfisomapplesettagex function. Attackers could exploit this vulnerability to cause a denial ...
Google Android Information Leakage Vulnerability (CNVD-2026-26112)
Google Android is an open-source operating system based on Linux, developed by Google Inc. Google Android has a vulnerability related to information leakage. This vulnerability arises from logical errors in multiple functions of the KeyguardViewMediator.java file. Attackers can exploit this...
Microsoft Azure HorizonDB authentication bypass vulnerability
Microsoft Azure HorizonDB is a cloud-native PostgreSQL database service provided by Microsoft Corporation. There is a security vulnerability in Microsoft Azure HorizonDB, which stems from bypassing authentication through deception. This could allow unauthorized attackers to escalate their...
Cisco Webex Meetings Cross-site Scripting Vulnerability (CNVD-2026-25125)
Cisco Webex Meetings is a web-based product that provides online meetings, video conferencing, and collaboration features. Cisco Webex Meetings has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of user input. An attacker can exploit this vulnerability...
Zhengfang Software Co., Ltd.'s educational management system has logical defects and vulnerabilities
Positive Software Co., Ltd. hereinafter referred to as "Positive Company" was established in January 1999. It is a software and high-tech enterprise specialized in consulting, planning, construction, and services in the field of higher education informatization. The educational administration...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23390)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Downloads component, where memory objects were not properly handled during user interactions...
Google Chrome Input Validation Vulnerability (CNVD-2026-23389)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation errors, which stemmed from insufficient validation processing by the DataTransfer component for untrusted inputs. Attackers could exploit...
Google Chrome buffer overflow vulnerability (CNVD-2026-23391)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bound read from the GPU component. Attackers could exploit this vulnerability to obtain sensitive information from the...
Zyxel VMG4005-B50B buffer overflow vulnerability
Zyxel VMG4005-B50B is a network device firmware designed for managing the network functions and configurations of Zyxel VMG4005-B50B router devices. There is a buffer overflow vulnerability present in Zyxel VMG4005-B50B. This vulnerability stems from the UPnP DeletePortMapping command failing to...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23388)
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability, which stemmed from the Extensions component being reused after being released. Attackers could exploit this vulnerability to execute arbitrary...
Google Chrome Resource Management Error Vulnerability (CNVD-2026-23387)
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.168 contained a resource management vulnerability. This vulnerability stemmed from insufficient validation of memory usage after the Mojo component was released. Attackers could...
Beijing Zhiyuan Internet Software Co., Ltd.'s Zhiyuan A8+ Collaborative Management Software has a vulnerability regarding arbitrary file reading.
Zhiyuan A8+ Collaborative Management Software is designed for groups, international organizations, industrial chains, large organizations, foreign-related work units, and organizational groups. It serves as an integrated portal and work entry point for group-level control and business management...
Yot CMS SQL injection vulnerability
Yot CMS is Yot’s content management system, used for website content publishing and page management. Yot CMS has a SQL injection vulnerability. The vulnerability arises due to the lack of proper filtering of SQL query fragments in the aid and cid parameters of the index.php file. Attackers can...
IBM WebSphere Application Server identity spoofing vulnerability
IBM WebSphere Application Server is a Java enterprise application server developed by IBM. It is primarily used for deploying and managing enterprise-level web applications. IBM WebSphere Application Server has a vulnerability known as “Identity Spoofing.” This vulnerability arises from the failu...
IBM WebSphere Application Server security control bypass vulnerability
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...
IBM WebSphere Application Server code issue vulnerability (CNVD-2026-23396)
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...
NVIDIA Display Driver Denial-of-Service Vulnerability
NVIDIA Display Driver is a graphics driver developed by NVIDIA Corporation. NVIDIA Display Driver contains security vulnerabilities. Attackers can exploit these vulnerabilities to cause denial-of-service attacks...
WordPress plugin Felan Framework cross-site scripting vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Felan Framework has a cross-site...
WordPress plugin Endless Scroll cross-site scripting vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to extend the functionality of the platform. The Endless Scroll plugin has a...
Beijing Shenzhou Shihan Technology Co., Ltd. has a SQL injection vulnerability in its multimedia integrated business display system (CNVD-C-2026-244712).
Beijing Shenzhou Shihan Technology Co., Ltd. is a company that specializes in the field of visualization. The multimedia integrated business display system of Beijing Shenzhou Shihan Technology Co., Ltd. has a SQL injection vulnerability, and attackers can exploit this vulnerability to obtain...
WordPress plugin Easy Prism Syntax Highlighter: Cross-site scripting vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Easy Prism Syntax Highlighter ha...
WordPress Plugin: Cryptocurrency Price Comparison Widget Cross-site Script Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to enhance the functionality of the platform. The WordPress plugin...
Google Chrome Bluetooth module memory error and reference vulnerability
Google Chrome is a cross-platform web browser developed by Google. It primarily provides features for web browsing, extension support, and tab management. Google Chrome has a memory error reference vulnerability, which stems from improper management of object lifetimes by the Bluetooth module,...
WordPress plugin CM Ad Changer has a cross-site request fraud vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The WordPress plugin CM Ad Changer has a cross-site...
WordPress plugin Dideo cross-site scripting vulnerability
WordPress is a blog platform developed using the PHP language. It allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin Dideo has a cross-site scripting vulnerability...
WordPress Plugins: Events In City Cross-Site Script Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The WordPress plugin “Events In City” contains a...
Google Chrome ANGLE component out-of-bounds write vulnerability (CNVD-2026-23393)
Google Chrome is a cross-platform web browser developed by Google. Google Chrome’s Angular components have a out-of-bounds write vulnerability. This vulnerability stems from improper boundary checking during the processing of HTML pages in versions prior to 148.0.7778.216. Attackers can exploit...
WordPress Plugin Formidable Kinetic Cross-site Scripting Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed on a WordPress site. The Formidable Kinetic plugin has a cross-site scriptin...
Google Chrome ANGLE Memory Error Reference Vulnerability (CNVD-2026-23395)
Google Chrome is a web browser developed by Google, primarily used for accessing the internet and running web applications. A vulnerability exists in Google Chrome related to memory references. This vulnerability stems from issues with memory references, and attackers can exploit it to achieve...
Google Chrome WebXR memory error reference vulnerability (CNVD-2026-23392)
Google Chrome is a web browser developed by Google. It supports multi-platform use and emphasizes security and performance. Google Chrome has a memory error reference vulnerability. This vulnerability stems from the WebXR component’s failure to properly handle object lifecycle, resulting in memor...
WordPress plugin Firebase Support and Chat Management has unknown vulnerabilities
This platform has the capability to set up personal blog websites on a server based on PHP and MySQL. A WordPress plugin is an application plugin. There is a security vulnerability in the WordPress plugin “Firebase Support and Chat Management.” This vulnerability stems from the fact that the...
WordPress Plugin Content Slideshow Cross-site Scripting Vulnerability
WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. The Content Slideshow plugin has a cross-site scripti...
IBM Aspera HSTS for CP4I certification bypass vulnerability
IBM Aspera HSTS for CP4I is a solution for high-speed and secure file transfer, primarily providing features for large-scale data transmission, encryption, and automated workflows. IBM Aspera HSTS for CP4I has a certification bypass vulnerability. This vulnerability arises due to the authenticati...
Beijing Anbo Tong Technology Co., Ltd.'s next-generation firewall has a command execution vulnerability
Beijing Anbotong Technology Co., Ltd. referred to as “Anbotong” is committed to becoming a leader in building a secure computing power ecosystem in the AI era. Its independently developed ABT SPOS visual network security system platform has become a widely adopted network security suite by many...
MTGPU of Moore Threading Technologies (Beijing) Co., Ltd. has a permission escalation vulnerability (CNVD-2026-22916).
Mole Thready Intelligence Technology Beijing Co., Ltd. is a company whose business involves the development of full-featured GPU chips and AI computing solutions, serving organizations in the field of digital transformation. Mole Thready Intelligence Technology Beijing Co., Ltd. has a permission...
Microsoft UFO Shell Action Replay operating system command injection vulnerability
Microsoft UFO is an open-source framework used for intelligent automation across devices and platforms. Microsoft UFO has a vulnerability related to operating system command injection. This vulnerability stems from ShellReceiver.runshell, which fails to properly handle the action parameter. It...
Changsha Metinfo Information Technology Co., Ltd. has a SQL injection vulnerability
MetInfo is an open-source CMS enterprise website building system that can be used for commercial websites without violating licensing agreements. Changsha Mitop Information Technology Co., Ltd.'s MetInfo has a SQL injection vulnerability, and attackers can exploit this vulnerability to access...
MTGPU of Moore Threading Technologies (Beijing) Co., Ltd. has a permission escalation vulnerability (CNVD-2026-22915).
Mole Thready Intelligence Technology Beijing Co., Ltd. is a company whose business involves the development of full-featured GPU chips and AI computing solutions, serving organizations in the field of digital transformation. Mole Thready Intelligence Technology Beijing Co., Ltd. has a permission...
IBM Db2 Denial-of-Service Vulnerability (CNVD-2026-23403)
IBM Db2 is a relational database management system, primarily used for data storage, querying, and management. IBM Db2 has a denial-of-service vulnerability. This vulnerability arises from improper handling of specially crafted heap queries. Attackers can exploit this vulnerability to cause the...
ZTE ZXUniPOS NDS-LTE access control vulnerability
ZTE ZXUniPOS NDS-LTE is a modular baseband unit designed for wireless communication networks. It primarily provides multi-mode and multi-frequency signal processing as well as data aggregation functions. ZTE ZXUniPOS NDS-LTE has an access control vulnerability. This vulnerability arises from the...
IBM Langflow OSS file processing component path traversal vulnerability
IBM Langflow OSS is an open-source low-code tool primarily used for building and deploying applications based on Large Language Models LLMs. IBM Langflow OSS has a path traversal vulnerability. This vulnerability stems from the failure to properly validate symbolic links during the decompression ...
IBM Db2 range partitioned tables denial-of-service vulnerability (CNVD-2026-23402)
IBM Db2 is a relational database management system developed by IBM. It is primarily used for data storage, querying, and analysis. IBM Db2 has a denial-of-service vulnerability that arises from improper handling of specially crafted queries involving range partition tables during execution...
IBM OPENBMC Denial-of-Service Vulnerability
IBM OpenBMC is an open-based board management controller firmware, primarily used for server hardware monitoring and management. IBM OpenBMC has a denial-of-service vulnerability. The vulnerability arises from the failure to properly validate requests from unauthenticated network users. Attackers...
Beijing YishengERP
Diankeyun ERP is an inventory management system developed using thinkPHP + LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has a directory traversal vulnerability, allowing attackers to obtain sensitive information through this vulnerability...
Beijing YishengERP
Diankeyun ERP is an inventory management system developed using thinkPHP and LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has logical defects and vulnerabilities. Attackers can exploit these vulnerabilities to add users...
Beijing YishengERPSQL
Diankeyun ERP is an inventory management system developed using thinkPHP and LAYUI. Beijing Yisheng Internet Technology Co., Ltd.'s Diankeyun ERP has a SQL injection vulnerability, allowing attackers to obtain sensitive database information...
ZTE MU5250 Access Control Vulnerability
The ZTE MU5250 is a 5G mobile Wi-Fi device produced by ZTE Corporation. The ZTE MU5250 has a vulnerability related to access control. This vulnerability stems from improper configuration of the access control mechanism. Attackers can exploit this vulnerability to obtain information without proper...