131179 matches found
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28715)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Workers component. An attacker can exploit this...
Intel CIP elevation of privilege vulnerability (CNVD-2025-28672)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper external control of filenames or paths, and no details of the vulnerability are...
Adobe InDesign Desktop Heap Buffer Overflow Vulnerability
Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Unspecified Vulnerability in Rockwell Automation Verve Asset Manager
Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...
WordPress Plugin Auto Amazon Links - Amazon Associates Affiliate Arbitrary File Read Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An arbitrary file read vulnerability exists in the WordPress plugin Auto Amazon Links - Amazon...
WordPress Plugin Authors List Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Authors List, which stem...
Rockwell Automation FactoryTalk DataMosaix Private Cloud Cross-Site Scripting Vulnerability
Rockwell Automation FactoryTalk DataMosaix Private Cloud is an industrial data platform product from Rockwell Automation USA. Rockwell Automation FactoryTalk DataMosaix Private Cloud suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...
WordPress Plugin Add Multiple Marker Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Add Multiple Marker, which stems from a...
Mozilla Firefox and Firefox ESR Spoofing Vulnerability (CNVD-2025-28714)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A spoofing vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to conduct spoofing attacks...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28712)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...
Intel CIP Code Issue Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP has a code issue vulnerability that stems from an unrestricted upload of dangerous types of files, which can be exploited by attackers to cause data tampering...
Intel CIP elevation of privilege vulnerability (CNVD-2025-28674)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from a protection mechanism failure, which can be exploited by an attacker to cause an elevation...
Intel Gaudi Resource Management Error Vulnerability
Intel Gaudi is a family of AI gas pedal chips developed by Intel subsidiary HabanaLabs and designed for deep learning training and inference tasks. Intel Gaudi suffers from a resource management error vulnerability that stems from uncontrolled resource consumption, which can be exploited by an...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29965)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29932)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29933)
Microsoft Excel is a powerful spreadsheet software developed by Microsoft. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
Unspecified Vulnerability in AXIS OS
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...
ZOHO ManageEngine OpManager Cross-Site Scripting Vulnerability (CNVD-2025-29925)
ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A cross-site scripting vulnerability exists in ZOHO ManageEngine OpManager, no detailed vulnerability details are available at this time...
ZOHO ManageEngine Applications Manager Command Injection Vulnerability
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. A command injection...
ZOHO ManageEngine Exchange reporter Plus cross-site scripting vulnerability (CNVD-2025-29920)
ZOHO ManageEngine Exchange reporter Plus is a Web-based Microsoft Exchange reporting, auditing and monitoring software from ZOHO. A cross-site scripting vulnerability exists in Zoho ManageEngine Exchange Reporter Plus, which can be exploited by an attacker to create privileged accounts and gain...
SAP Business Connector Cross-Site Scripting Vulnerability (CNVD-2025-29169)
SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector due to improper validation of user-supplied input in the PRTG Web Monitor web interface. An attacker could exploit the vulnerability to access or modify information with...
Adobe InCopy Memory Misreference Vulnerability (CNVD-2025-28654)
Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe InCopy, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus. An attacker can use this vulnerability to view, add, modify, or...
WordPress Plugin Document Pro Elementor Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Document Pro Elementor has an information disclosure vulnerability, the...
Mozilla Firefox and Firefox ESR Code Execution Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A code execution vulnerability exists in Mozilla Firefox and Firefox ESR, which stems from a post-release reuse issue in the Audio/Video component, and can be exploited by an...
Unspecified Vulnerability in WordPress Plugin TNC Toolbox Web Performance
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28719)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Notifications component. An attacker can exploit this...
Adobe Substance3D Stager Memory Misreference Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Substance3D Stager, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-29962)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28668)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...
Tenda AX3 get_parentControl_list_Info function stack buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the urls parameter in th...
Adobe Pass Authentication Android SDK Incorrect Authorization Vulnerability
Adobe Pass Authentication Android SDK is a Java library for Android applications from the American company Audobee Adobe. The Adobe Pass Authentication Android SDK suffers from an incorrect authorization vulnerability that can be exploited by attackers to bypass security measures and gain...
Intel QAT Windows software out-of-bounds read vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has an out-of-bounds read vulnerability that originates from an...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28642)
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Intel QAT Windows software code issue vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A code issue vulnerability exists in Intel QAT Windows software that originates from an improper conditi...
Intel QAT Windows software out-of-bounds write vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An out-of-bounds write vulnerability exists in Intel QAT Windows software that originates from an...
Intel QAT Windows software untrustworthy pointer dereference vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An untrusted pointer dereference vulnerability exists in Intel QAT Windows software, which can be...
Intel QAT Windows software buffer overflow vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has a buffer overflow vulnerability that originates from a buffer overflo...
Microsoft Office Code Execution Vulnerability (CNVD-2026-00028)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Tenda AC18 guestSsid Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the /goform/WifiGuestSet interface guestSsid parameter fails to correctly...
Intel QAT Windows software null pointer dereference vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A null pointer dereference vulnerability exists in Intel QAT Windows software, which can be exploited by...
Adobe Substance3D Stager Out-of-Bounds Read Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. Adobe Substance3D Stager suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-851224)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Intel CIP Elevation of Privilege Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper privilege management and can be exploited by an attacker to cause elevation of...
Adobe Format Plugins Memory Misreference Vulnerability
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from a memory misreference vulnerability that can be exploited by attackers to cause memory exposure and information disclosure...
Intel CIP elevation of privilege vulnerability (CNVD-2025-28465)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from mismanagement of privileges and can be exploited by an attacker to cause elevation of...
Tenda AX3 wlSetExternParameter function stack buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the wpapskcrypto paramet...
Adobe Format Plugins Out-of-Bounds Read Vulnerability
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that could be exploited by an attacker to cause code execution in the current user's environment...
Intel QAT Windows software buffer overflow vulnerability (CNVD-2025-30759)
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A buffer overflow vulnerability exists in the Intel QAT Windows software, which originates from a buffer...
Adobe Format Plugins Out-of-Bounds Read Vulnerability (CNVD-2025-28643)
Adobe Format Plugins is a format plug-in from the American company Audobee Adobe. Adobe Format Plugins suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...