131179 matches found
Shanghai Lingdang Information Technology Co., Ltd.'s Lingdang CRM has a SQL injection vulnerability (CNVD-C-2026-242520).
Lingdang CRM is a CRM software developed by Shanghai Lingdang Information Technology Co., Ltd. It is suitable for small and medium-sized enterprises that primarily engage in sales and service businesses. Shanghai Lingdang Information Technology Co., Ltd.’s Lingdang CRM has a SQL injection...
Microsoft Office SharePoint code-related vulnerabilities
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. There is a security vulnerability present in Microsoft Office SharePoint. Attackers can exploit this vulnerability to execute code via the network...
Shenzhen Meikexing Communication Technology Co., Ltd.'s MW330R has a binary vulnerability
The MW330R is an 11N wireless broadband router. The MW330R from Shenzhen Meikexing Communication Technology Co., Ltd has a binary vulnerability that can be exploited by attackers to cause a denial-of-service attack...
Microsoft Malware Protection Engine heap buffer overflow vulnerability
The Microsoft Malware Protection Engine is a core component developed by Microsoft for malware protection, used to scan and detect malicious code. The Microsoft Malware Protection Engine has a heap buffer overflow vulnerability. This vulnerability arises from improper handling of input data,...
Cisco Secure Workload Access Control Vulnerability
Cisco Secure Workload is a software product developed by Cisco, Inc., in the United States. It allows users to install software agents on their application workloads. Cisco Secure Workload has a security vulnerability related to access control. This vulnerability stems from insufficient access...
Cisco ThousandEyes Enterprise Agent BrowserBot component has a command injection vulnerability
Cisco ThousandEyes Enterprise Agent is an enterprise network monitoring tool, primarily used for monitoring network performance and application experiences. The Cisco ThousandEyes Enterprise Agent has a command injection vulnerability. This vulnerability stems from insufficient validation of...
CouchCMS cross-site scripting vulnerability
CouchCMS is an open-source content management system CMS designed for designers. Version 2.2.1 of CouchCMS contains a cross-site scripting vulnerability. This vulnerability stems from the application’s lack of effective filtering and escaping of data provided by users. Attackers can exploit this...
Zyxel WRE6505 Access Control Vulnerability
The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 v2 V1.00ABDV.3C0 version contains an access control vulnerability. This vulnerability stems from improper restrictions on the number of authentication attempts made by the web manageme...
Siemens SIMATIC HMI Comfort Panels have undisclosed vulnerabilities
Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. Siemens SIMATIC HMI Comfort Panels have security vulnerabilities. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. Unauthorized attackers ca...
Siemens Teamcenter Cross-site Scripting Vulnerability
Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a cross-site scripting vulnerability. This vulnerability arises because the affected applications fail to properly encode or filter data provided by users...
Siemens RUGGEDCOM ROX parameter injection vulnerability
Siemens RUGGEDCOM ROX is a dedicated operating system developed by Siemens for its industrial communication devices. It primarily runs on RUGGEDCOM series of industrial Ethernet switches, routers, and multi-service platforms. Siemens RUGGEDCOM ROX has a parameter injection vulnerability; this...
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has an XML external entity injection vulnerability. This vulnerability stems from...
Zyxel NWA1100-N buffer overflow vulnerability
The Zyxel NWA1100-N is a wireless access point manufactured by the Chinese company Zyxel. The Zyxel NWA1100-N 1.00AACE.1C0 version contains a buffer overflow vulnerability. This vulnerability arises from insufficient validation of the length of input data in functions such as formWep, formWlAc,...
Siemens ROS# Path traversal vulnerability
Siemens ROS is a robot operating system communication framework based on C and .NET by the German company Siemens. Siemens ROS has a path traversal vulnerability, which arises from incorrect user input that leads to path traversal. Attackers can exploit this vulnerability to access any file on th...
Fortinet FortiNDR SQL injection vulnerability (CNVD-2026-25592)
Fortinet FortiNDR is a network detection and response solution provided by the American company Fortinet. Fortinet FortiNDR has a SQL injection vulnerability. This vulnerability stems from improper handling of special elements within SQL commands. Attackers can exploit this vulnerability to execu...
Fortinet FortiAP operating system command injection vulnerability (CNVD-2026-25589)
Fortinet FortiAP is a controller developed by the American company Fortinet, used for managing wireless access point devices. There are vulnerabilities related to operating system command injection in Fortinet FortiAP and FortiAP-W2. These vulnerabilities stem from improper neutralization of...
Fortinet FortiAuthenticator Access Control Vulnerability (CNVD-2026-25590)
Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. There is an access control vulnerability in Fortinet FortiAuthenticator. This vulnerability stems from improper access control; attackers can exploit this vulnerability to...
Siemens Teamcenter Trust Management Vulnerability
Siemens Teamcenter is a software application for product lifecycle management developed by the German company Siemens. Siemens Teamcenter has a vulnerability related to trust management. This vulnerability stems from the use of hardcoded keys for obfuscation. Attackers can exploit this...
Siemens Solid Edge stack buffer overflow vulnerability (CNVD-2026-23468)
Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for parts design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a stack buffer overflow vulnerability, which allows attackers to execute...
Siemens Solid Edge buffer overflow vulnerability (CNVD-2026-23467)
Siemens Solid Edge is a 3D CAD software developed by the German company Siemens. This software can be used for part design, assembly design, sheet metal design, welding design, and other industries. Siemens Solid Edge has a buffer overflow vulnerability; this vulnerability stems from the lack of...
Kuicms PHP EE cross-site scripting vulnerability
Kuicms Php EE is a PHP enterprise website content management system developed by Kuicms Corporation. Version 2.0 of Kuicms Php EE contains a cross-site scripting vulnerability. This vulnerability stems from insufficient filtering and escaping of data provided by users. Attackers can exploit this...
Zyxel WRE6505 operating system command injection vulnerability
The Zyxel WRE6505 is a wireless signal expansion device produced by the Chinese company Zyxel. The Zyxel WRE6505 has an operating system command injection vulnerability. This vulnerability arises from the CGI program’s failure to properly filter special characters and commands constructed in...
BloofoxCMS Cross-Site Request Forgery Vulnerability
BloofoxCMS is a PHP-based text content management system. The bloofoxCMS 0.5.2.1 version has a cross-site request forgeing vulnerability. This vulnerability arises from the WEB application not properly verifying whether the request comes from a trusted user. Attackers can exploit this vulnerabili...
Fortinet FortiOS buffer overflow vulnerability (CNVD-2026-25593)
Fortinet FortiOS is a security operating system developed by Fortinet, a US-based company, and specifically designed for use on the FortiGate network security platform. This system offers users various security features, including firewalls, antivirus protection, IPSec/SSLVPN, web content...
Siemens RUGGEDCOM operating system command injection vulnerability (CNVD-2026-23336)
Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...
Siemens RUGGEDCOM operating system command injection vulnerability
Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Siemens RUGGEDCOM has a vulnerability related to operating system command injection. This vulnerability aris...
Fortinet FortiMail SQL injection vulnerability (CNVD-2026-25591)
Fortinet FortiMail is a set of email security gateway products developed by the American company Fortinet. This product provides features such as email security protection and data protection. Fortinet FortiMail has a SQL injection vulnerability. This vulnerability stems from improper...
Microsoft SharePoint code vulnerability (CNVD-2026-26519)
Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...
Microsoft SharePoint code vulnerability (CNVD-2026-26520)
Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...
Microsoft Data Formulator code injection vulnerability
Microsoft Data Formulator is an AI data visualization and analysis tool developed by Microsoft Corporation in the United States, powered by large language models. There is a security vulnerability in Microsoft Data Formulator. Attackers can exploit this vulnerability to execute code remotely...
Textpattern CMS file upload vulnerability
Textpattern CMS is a content management system based on PHP. Version 4.8.7 of Textpattern CMS has a file upload vulnerability. This vulnerability arises from the lack of strict validation or filtering during file uploads by users. Attackers can exploit this vulnerability to execute arbitrary...
Mozilla Firefox Code Execution Vulnerability (CNVD-2026-23637)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a code execution vulnerability, which stems from errors in the JavaScript Engine’s JIT compilation process. Attackers can exploit this vulnerability to execute arbitrary cod...
Mozilla Firefox Memory Error Reference Vulnerability (CNVD-2026-23638)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a memory corruption vulnerability, which stems from JavaScript: the WebAssembly component responsible for releasing memory experiences confusion in its instructions. Attacke...
Mozilla Firefox has an unknown vulnerability (CNVD-2026-23639)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There are security vulnerabilities in Mozilla Firefox, which stem from issues with the JavaScript Engine component. Currently, no detailed information about these vulnerabilities is available...
Microsoft M365 Copilot for Desktop has a deception vulnerability
Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot for Desktop has a deception vulnerability, and attackers can exploit this vulnerability to carry out deceptive attacks...
Microsoft Office Exploitation Vulnerability (CNVD-2026-23631)
Microsoft Office is a suite of office software products developed by the American company Microsoft. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a deception vulnerability that attackers can exploit to carry out deceptive attacks...
Mozilla Firefox has an unknown vulnerability (CNVD-2026-23640)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. There is a security vulnerability in Mozilla Firefox, which stems from a sandbox escape in the Profile Backup component. Currently, no detailed details about this vulnerability are available...
Microsoft Office Code Execution Vulnerability (CNVD-2026-23632)
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. Microsoft Office has a code execution vulnerability, which allows attackers to execute arbitra...
uBidAuction cross-site scripting vulnerability (CNVD-2026-26093)
uBidAuction is an auction website system operated by the uBidAuction company, which supports online auctions and product transaction management. uBidAuction has a cross-site scripting vulnerability. This vulnerability arises due to the incorrect handling of the datecreated, datefrom, dateto, and...
Multiple Apple products have service denial vulnerabilities (CNVD-2026-26102)
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Several Apple products have service denial vulnerabilities;...
Apple iOS and Apple iPadOS denial-of-service vulnerabilities
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have denial-of-service vulnerabilities, and attackers can exploit these vulnerabilities to cause denial of service...
Apple iOS and Apple iPadOS security bypass vulnerabilities
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Both Apple iOS and Apple iPadOS have security vulnerabilities that allow attackers to bypass application privacy report logging mechanisms...
Linux kernel x25_queue_rx_frame function memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a call to kfreeskb when allocskb fails in x25queuerxframe, which can be exploited b...
Linux kernel smb_check_perm_dacl function out-of-bounds read vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability. The vulnerability stems from insufficient ACE size validation in the smbcheckpermdacl function of ksmbd, whic...
Linux kernel netfilter nf_conntrack_helper function memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from passing a NULL pointer when expecting cleanup in netfilter nfconntrackhelper, which...
D-Link M60 License Issue Vulnerability
The D-Link M60 is a wireless routing device from China-based D-Link. An authorization issue vulnerability exists in D-Link M60 version 1.20B02 and prior versions, which stems from a weak password recovery issue in the file /usr/bin/httpd, and can be exploited by an attacker to cause...
Linux kernel set_cig_params_sync function memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the setcigparamssync function in Bluetooth hciconn not locking hciconn, which can b...
Linux kernel sco_sock_connect function memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a confusion in the instruction responsible for freeing memory in the scosockconnect...
Linux kernel fuse_add_dirent_to_cache function buffer overflow vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux kernel. The vulnerability stems from the fuseadddirenttocache function not checking if the dirent size exceeds PAGESIZE, whi...
Linux Kernel wilc1000 Integer Overflow Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a heap buffer overflow due to a u8 overflow in the wilc1000 wireless driver, which could lead to memory...