131179 matches found
Google Chrome Code Problem Vulnerability (CNVD-2025-29239)
Google Chrome is Google's web browser. A security vulnerability exists in Google Chrome versions prior to 134.0.6998.35, which stems from an inadequate validation mechanism for the web application installation process. The vulnerability can be exploited by an attacker to conduct an interface...
Linksys E1200 Command Injection Vulnerability
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
Rockwell Automation Arena Stack Buffer Overflow Vulnerability
Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...
Student Record System register.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of external input SQL statements for multiple parameters in register.php. An attacker can exploit this vulnerability to execute illegal SQL...
Apache OpenOffice External File Loading Vulnerability
Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...
Student Record System admin-profile.php file cross-site scripting vulnerability
Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...
WordPress Survey Maker plugin unauthorized access vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. An unauthorized access vulnerability exists in the WordPress Survey Maker plugin, which stems from a lack...
Inventory Management System PROID Parameter SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the PROID parameter in the /index.php?q=product file that does not securely filter user input. An attacker can exploit this vulnerability ...
Google Chrome Buffer Overflow Vulnerability (CNVD-2025-29237)
Google Chrome is a web browser developed by Google. A security vulnerability exists in versions prior to Google Chrome 133.0.6943.141, which stems from the V8 engine mishandling malicious HTML pages. The vulnerability can be exploited by an attacker to trigger heap corruption via specially crafte...
DELL Alienware Command Center Improper Access Control Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An improper access control vulnerability exists in DELL Alienware Command Center, which can be exploit...
DELL Alienware Command Center No Action Response Error Condition Detection Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center suffers from a no action response error condition detection vulnerabilit...
Desktop Alert PingAlert Cross-Site Scripting Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...
Google Chrome Code Problem Vulnerability (CNVD-2025-29240)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 136.0.7103.59, which stems from a flaw in the security handling of the sandboxing mechanism. The vulnerability can be exploited by an attacker to achieve a sandbox escape via a...
Student Record System change-password.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of the currentpassword parameter in change-password.php against an externally entered SQL statement. An attacker can exploit this vulnerability to...
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-859401)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-859399)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Easy Email Subscription plugin cross-site scripting vulnerability
The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29964)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-29930)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29961)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...
Adobe InDesign Memory Misreference Vulnerability (CNVD-2025-29699)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a memory misreference vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the current user...
Intel CIP Improper Access Control Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...
WordPress Team Members Showcase plugin cross-site scripting vulnerability
WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts e.g., grids, sliders, tables, lists, etc. and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...
WordPress Payments Braintree For WooCommerce plugin authorization bypass vulnerability
WordPress Payments Braintree For WooCommerce plugin is a payment plugin designed specifically for WordPress websites, which supports payments done through both PayPal and credit cards. The WordPress Payments Braintree For WooCommerce plugin suffers from an authorization bypass vulnerability that...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2025-28721)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability caused by an incorrect boundary condition in the Graphics:WebGPU component, which can be exploited by an attacker to execute arbitrary code ...
WordPress Plugin Chart Expert Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Chart Expert, which stems...
Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...
Rockwell Automation Studio 5000 Simulation Interface Code Execution Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2025-28722)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability caused by an incorrect boundary condition in the Graphics:WebGPU component, which can be exploited by an attacker to execute arbitrary code ...
Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28713)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which is caused by a WebRTC Audio/Video component reuse after release issue, and can be exploited by a...
Mozilla Firefox Code Execution Vulnerability (CNVD-2025-28723)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which stems from a memory security issue and can be exploited by an attacker to execute arbitrary code on a system...
WordPress Plugin Astra Security Suite - Firewall & Malware Scan Authorization Issues Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress plugin Astra Security Suite -...
WordPress CTL Arcade Lite plugin cross-site request forgery vulnerability
WordPress CTL Arcade Lite plugin is a WordPress plugin for creating professional-grade arcade game websites with support for ad management, social sharing, leaderboards and more. The WordPress CTL Arcade Lite plugin suffers from a cross-site request forgery vulnerability, which originates from a...
Adobe Substance3D Stager Memory Misreference Vulnerability (CNVD-2025-29692)
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
SAP Business Connector Input Validation Error Vulnerability
SAP Business Connector is a middleware from SAP, Germany. An input validation error vulnerability exists in SAP Business Connector, which can be exploited by an attacker to disclose sensitive information and cause unauthorized operations...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29963)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which is caused by an untrusted pointer dereference. An attacker could exploit the vulnerability to obtain sensitive information...
Adobe Illustrator on iPad Out-of-Bounds Write Vulnerability
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Microsoft Office Code Execution Vulnerability (CNVD-2026-00027)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Microsoft Office Code Execution Vulnerability (CNVD-2025-29929)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Microsoft Configuration Manager Elevation of Privilege Vulnerability
Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up-to-date, set configuration and security policies, and monitor system status. An elevation of privilege vulnerability exists in Microsoft...
Adobe Substance3D Stager Integer Underflow Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an integer underflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29921)
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts within the...
ZOHO ManageEngine Exchange reporter Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...
Adobe Illustrator on iPad Heap Buffer Overflow Vulnerability
Adobe Illustrator on iPad is a set of vector-based image creation software from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Illustrator on iPad, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28644)
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Tenda AX3 fromSetWifiGusetBasic function stack buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the shareSpeed parameter...
ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29922)
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in ZOHO ManageEngine Exchange reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...
Mozilla Firefox and Firefox ESR Buffer Overflow Vulnerability (CNVD-2025-28717)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Firefox and Firefox ESR suffer from a buffer overflow vulnerability that stems from an incorrect boundary condition in a JavaScript WebAssembly component, which can be...
Mozilla Firefox and Firefox ESR Code Execution Vulnerability (CNVD-2025-28718)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR due to a race condition in the Graphics component that can be exploited by an attacker to execute...