IBM Transformation Extender Advanced Log Message Disclosure Vulnerability
IBM Transformation Extender Advanced is a data transformation, validation and standardization tool from International Business Machines (IBM). IBM Transformation Extender Advanced suffers from a log information disclosure vulnerability that originates from storing sensitive information in ...
OpenEXR has an unspecified vulnerability (CNVD-2025-24792)
OpenEXR is an open standard for high dynamic range (HDR) image file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause an out-of-bounds write...
OpenEXR has an unspecified vulnerability (CNVD-2025-24791)
OpenEXR is an open standard for high dynamic range (HDR) image file formats. A security vulnerability exists in OpenEXR that can be exploited by attackers to cause a buffer overflow...
Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24425)
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Microsoft 365 Copilot Business Chat Spoofing Vulnerability
Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...
WordPress Quick Social Login plugin cross-site scripting vulnerability
WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24705)
SAMSUNG Notes is a note-taking software application from Samsung of South Korea. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
WordPress plugin WP BookWidgets cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. The WordPress plugin WP BookWidgets has a cross-site scripting vulnerability; the vulnerability stems fr...
WordPress TopBar plugin cross-site request forgery vulnerability
WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...
WordPress Theme Importer plugin cross-site request forgery vulnerability
WordPress Theme Importer plugin is mainly used to import website content such as pages, menus, images, etc. from other platforms or websites into WordPress for quick migration or rebuilding of websites. The WordPress Theme Importer plugin suffers from a cross-site request forgery vulnerability,...
WordPress Shortcode Button plugin cross-site scripting vulnerability
WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...
WordPress Rich Snippet Site Report plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Rich Snippet Site Report plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup and escaping of user-supplied parameter last and...
WordPress Outdoor plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Outdoor plugin suffers from a SQL injection vulnerability that stems from a lack of validation of the edit parameter. An attacker can exploit this vulnerability to...
WordPress Orion SMS OTP Verification plugin elevation of privilege vulnerability
WordPress Orion SMS OTP Verification plugin is an authentication plugin for WordPress that enables user verification by sending a one-time password (OTP) via text message (SMS). An elevation of privilege vulnerability exists in the WordPress Orion SMS OTP Verification plugin, which can be exploited b...
WordPress Oceanpayment CreditCard Gateway plugin Access Control Error Vulnerability
WordPress Oceanpayment CreditCard Gateway plugin is a plugin for integrating credit card payments in your WordPress website, which enables transactions through the payment gateway provided by Oceanpayment. The WordPress Oceanpayment CreditCard Gateway plugin suffers from an Access Control Error...
WordPress Library Management System plugin unauthorized data modification vulnerability
The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...
WordPress Keyy Two Factor Authentication plugin Privilege Escalation Vulnerability
WordPress Keyy Two Factor Authentication plugin is a plugin for enhancing the login security of your website. A privilege escalation vulnerability exists in the WordPress Keyy Two Factor Authentication plugin, which can be exploited by an attacker to cause an elevation of privilege, due to a...
WordPress FunKItools plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...
WordPress Felan Framework plugin unauthorized data modification vulnerability
The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...
WordPress Find And Replace content plugin cross-site scripting vulnerability
WordPress Find And Replace content plugin is a plugin used to find and replace specified text in website content in bulk, mainly for batch modifications when updating website content. A cross-site scripting vulnerability exists in the WordPress Find And Replac...
WordPress Dynamically Display Posts plugin SQL Injection Vulnerability
WordPress Dynamically Display Posts plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. WordPress Dynamically Display Posts plugin suffers from a SQL injection vulnerability that stems from a lack of...
WordPress External Login plugin SQL Injection Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. WordPress External Login plugin is prone to SQL injection vulnerability, which is caused by...
WordPress DocoDoco Store Locator plugin Arbitrary File Upload Vulnerability
WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...
WordPress Digiseller plugin cross-site scripting vulnerability
WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...
WordPress Content Writer plugin information disclosure vulnerability
WordPress Content Writer plugin is a WordPress plugin mainly used to help users efficiently manage the website content creation, providing convenient content generation and publishing functions. WordPress Content Writer plugin has an information disclosure vulnerability that originates from...
WordPress Dhivehi Text plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Dhivehi Text plugin, which stems from a lack of effective filtering and escaping of dhivehi short code, and can be...
WordPress Classified Pro plugin Unauthorized Plugin Installation Vulnerability
WordPress Classified Pro plugin is a plugin for quickly creating a classified ad section on a WordPress website, supporting different scenarios of listings management such as automotive, second-hand trading, etc., and providing features such as searching, ad space configuration, and text...
WordPress Binary MLM Plan plugin elevation of privilege vulnerability
WordPress Binary MLM Plan plugin is a WordPress plugin designed for network marketing, mainly used to simplify the operational process of a multi-level marketing (MLM) business. WordPress Binary MLM Plan plugin suffers from an elevation of privilege vulnerability that stems from the bmpuser role...
Fortinet FortiDLP Log Information Disclosure Vulnerability
Fortinet FortiDLP is a data leakage prevention software from the American company Fortinet. Fortinet FortiDLP suffers from a log information disclosure vulnerability that originates from the insertion of sensitive information into a log file, which can be exploited by an attacker to cause...
Fortinet FortiDLP Path Traversal Vulnerability
Fortinet FortiDLP is a data leakage prevention software from the American company Fortinet. Fortinet FortiDLP suffers from a path traversal vulnerability, which stems from the program failing to properly filter special elements in the path of a resource or file, and can be exploited by an...
D-Link Nuclias Connect Login Endpoint Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points (APs), supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...
D-Link Nuclias Connect Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points (APs), supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...
Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...
Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2025-24423)
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a memory information leak...
Adobe Animate Null Pointer Dereference Vulnerability (CNVD-2025-24422)
Adobe Animate is a set of Flash animation software from the American company Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a memory information disclosure...
Opencast Information Disclosure Vulnerability (CNVD-2025-24789)
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions prior to 17.8 and prior to 18.2, which can be exploited by attackers to cause accidental distribution...
Flowise File Upload Vulnerability (CNVD-2025-24788)
Flowise is an open source tool from FlowiseAI for easily building LLM applications. A file upload vulnerability exists in Flowise version 3.0.7, which stems from a file upload process that does not validate the file extension, MIME type, or file content, and can be exploited by an attacker to cause...
D-Link DIR-852 HNAP1 File Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...
D-Link DI-7001 MINI OS Command Injection Vulnerability
D-Link DI-7001 MINI is a multi-functional intelligent gateway from D-Link of China. The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
D-Link DI-7001 MINI Buffer Overflow Vulnerability
D-Link DI-7001 MINI is a multi-functional intelligent gateway from D-Link of China. The D-Link DI-7001 MINI suffers from a buffer overflow vulnerability, which is caused by incorrect bounds checking of functions in the file /dbsrv.asp. An attacker could exploit the vulnerability to execute...
Mongoose Buffer Overflow Vulnerability
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose suffers from a buffer overflow vulnerability that stems from a boundary error when the application processes untrusted input, which can be exploited by an attacker to cause an application crash or buff...
Unspecified Vulnerability in Wireshark (CNVD-2025-24785)
Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that can be exploited by an attacker to cause a denial of...
Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2025-24729)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS, which can be exploited by an attacker to cause a privileged administrator to bypass system restrictions and execute arbitrary...
Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)
Apache StreamPark is a streaming media application development framework from the Apache Foundation of the United States. Apache StreamPark has a security vulnerability that can be exploited by attackers to cause confidentiality, integrity and availability to be compromised...
ChurchCRM Authentication Error Vulnerability
ChurchCRM is an open source CRM system for churches from ChurchCRM. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...
Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24783)
SAMSUNG Mobile devices are a range of mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...
IBM Aspera Information Disclosure Vulnerability (CNVD-2025-25473)
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Aspera that stems from an observable difference in the returned data, which can be exploited by an...
Unspecified Vulnerability in HCL BigFix WebUI
HCL BigFix WebUI is a web-based administration page from HCL of India. A security vulnerability exists in HCL BigFix WebUI, which stems from an improper response to the HOST information in the HTTP header field, and can be exploited by an attacker to cause a host header poisoning attack...
Microsoft 365 Copilot Business Chat Spoofing Vulnerability (CNVD-2025-25468)
Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...
Microsoft 365 Word Copilot Spoofing Vulnerability
Microsoft 365 Word Copilot is an AI assistant from Microsoft Corporation, USA. Microsoft 365 Word Copilot has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...