Apple iOS and iPadOS Information Disclosure Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. An information disclosure vulnerability exists in Apple iOS and iPadOS, which stems from a logging issue that could be exploited by an attacker to disclose sensitive use...
Apple macOS Sequoia Code Signature Limit Insufficiency Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient code signature restriction vulnerability that can be exploited by an attacker to access sensitive user data...
Apple iOS and iPadOS Insufficient Boundary Check Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS suffer from a boundary check insufficiency vulnerability that can be exploited by an attacker to cause a process crash triggered by a malicious HID...
Apple iOS and iPadOS Insufficient Check Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an insufficient check vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30336)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A code issue vulnerability exists in Cisco...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...
Cisco Unified Contact Center Express Path Traversal Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A path traversal vulnerability exists in...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...
Dell CloudLink Command Execution Vulnerability (CNVD-2025-28522)
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Elevation of Privilege Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...
Dell CloudLink Command Execution Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command injection vulnerability exists in Dell CloudLink, which can be exploited by an attacker to execute arbitrary commands on the system...
MantisBT Authorization Issue Vulnerability (CNVD-2025-28527)
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services through a Web interface. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...
LinkAce cross-site scripting vulnerability (CNVD-2025-27898)
LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11788)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...
Apple iOS and iPadOS Cache Mishandling Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. A cache mishandling vulnerability exists in Apple iOS and iPadOS, which can be exploited by attackers to cause malicious applications to track users...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-822965)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
File upload vulnerability in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-823176)
Ltd. is a deep-rooted enterprise in the field of visualization. A file upload vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to write arbitrary files...
UFIDA U8 Cloud suffers from SQL injection vulnerabilities (CNVD-C-2025-796292)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-797319)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
Dell Secure Connect Gateway Relative Path Traversal Vulnerability
Dell Secure Connect Gateway is an enterprise-grade secure connectivity gateway appliance from Dell that is used to monitor hardware status, automate the creation of support requests, and securely communicate to safeguard device connectivity to Dell backend services. A relative path traversal...
WordPress Plugin WooCommerce Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WooCommerce, which stems...
WordPress Folderly plugin unauthorized data modification vulnerability
WordPress Folderly plugin is a WordPress plugin for virtual folder management that supports categorization and organization of documents, media files and posts. The WordPress Folderly plugin suffers from an unauthorized data modification vulnerability that stems from insufficient capability checkin...
WordPress kallyas plugin code execution vulnerability
WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. A code execution vulnerability exists in WordPress kallyas plugin, which stems from unrestricted non-administrator access to the code editor widget, and can be exploited by an attacker...
WordPress kallyas plugin cross-site scripting vulnerability
WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. WordPress kallyas plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can b...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...
WordPress Qi Blocks plugin missing authorization vulnerability
WordPress Qi Blocks plugin is a WordPress plugin developed by QodeInteractive, providing 81 customized Gutenberg blocks including 48 free modules and 33 premium modules, supporting WooCommerce, SEO and other 9 categories of functionality, creating complex layouts and integrating 550+ templates. A...
WordPress Employee Spotlight plugin cross-site scripting vulnerability
WordPress Employee Spotlight plugin is a plugin for quickly searching and managing WordPress backend content, inspired by the Mac's Spotlight feature, which supports searching for posts, users, plugins, themes, etc., and provides real-time updating and editing features. The WordPress Employee...
WordPress List category posts plugin information leakage vulnerability
WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...
WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability
WordPress Post SMTP plugin is a tool for solving WordPress website email sending problems, which realizes email sending through SMTP protocol and avoids emails that can't be sent or marked as spam due to server limitations. WordPress Post SMTP plugin suffers from an unauthorized access to data...
Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from multiple devices sharing the...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities (CNVD-2025-27470)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a denial of service vulnerability that stems from vulnerability to...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-27469)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which can be exploited by an attacker to cause a...
D-Link DNS-343 ShareCenter Command Execution Vulnerability
The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...
WordPress Consulting Elementor Widgets plugin file inclusion vulnerability
WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. A file inclusion vulnerability exists in the WordPress Consulting Elementor Widgets plugin, which stems from not...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29079)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a TLS configuration...
Revive Adserver admin-search.php file cross-site scripting vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
DELL Secure Connect Gateway Policy Manager Cross-Site Scripting Vulnerability
DELL Secure Connect Gateway Policy Manager is a Secure Connect Gateway management tool from Dell that is used to configure and manage security policies for Secure Connect Gateway (SCG) devices. A cross-site scripting vulnerability exists in DELL Secure Connect Gateway Policy Manager that originates...
WordPress AppPresser plugin unauthorized data access vulnerability
WordPress AppPresser plugin is a tool for converting WordPress websites into iOS and Android native mobile apps with support for visual customization and feature extensions. WordPress AppPresser plugin suffers from an unauthorized data access vulnerability that stems from a lack of permission...
Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29075)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a firmware version mismatch. ...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29074)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which originates from an internal syste...
WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability
WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...
IBM Tivoli Monitoring Path Traversal Vulnerability
IBM Tivoli Monitoring is a set of system monitoring solutions introduced by IBM, mainly used for real-time monitoring of system performance, availability and application status in the enterprise IT environment. A path traversal vulnerability exists in IBM Tivoli Monitoring that stems from not...
IBM Tivoli Monitoring Path Traversal Vulnerability (CNVD-2025-29672)
IBM Tivoli Monitoring is a set of system monitoring solutions introduced by IBM, mainly used for real-time monitoring of system performance, availability and application status in the enterprise IT environment. A path traversal vulnerability exists in IBM Tivoli Monitoring that stems from not...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29071)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...
WordPress Kleo plugin file inclusion vulnerability
WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
Apache Airflow Security Bypass Vulnerability (CNVD-2025-30838)
Apache Airflow is an open source platform from the Apache Foundation (USA) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...