130931 matches found
HCL AION Information Disclosure Vulnerability (CNVD-2025-25460)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that is due to a trusted type in an unenforced script in the CSP. An attacker could exploit this vulnerability to cause a content security policy bypass...
HCL AION Information Disclosure Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...
WordPress OwnID Passwordless Login plugin authentication bypass vulnerability
WordPress OwnID Passwordless Login plugin is a WordPress plugin that provides passwordless login by sending a one-time authorization code to the user's email or cell phone to complete the verification. An authentication bypass vulnerability exists in the WordPress OwnID Passwordless Login plugin,...
WordPress Lisfinity Core plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
D-Link DI-7100G C1 popupId parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter popupId in the file /webchat/hiblock.asp failing to properly validate the length...
Ivanti Secure Access Client Open Redirect Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. to enable remote secure access, supporting enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an open redirection vulnerability that originates from an...
WordPress Ova Advent plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ova Advent plugin, which stems from insufficient input sanitization and output escaping, and can be exploited by an...
WordPress Ally plugin stack buffer overflow vulnerability
WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve website accessibility and to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...
D-Link DI-7100G C1 openid parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...
WordPress TARIFFUXX plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient sanitization of user-supplied input to the tariffuxxconfigurator shortcode, which...
Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24426)
Adobe Bridge is a file viewer from the American company Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24784)
SAMSUNG Mobile devices are a range of mobile devices from the South Korean company Samsung, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...
DELL PowerScale OneFS License Bypass Vulnerability
DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. An authorization bypass vulnerability exists in DELL PowerScale OneFS that originates from a user control key leading to authorizatio...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29155)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from unrestricted resource allocation ...
Unspecified Vulnerability in Adobe Creative Cloud Desktop
Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from the American company Adobe. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...
D-Link Nuclias Connect Cross-Site Scripting Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points (APs), supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...
DataEase H2 JDBC Injection Code Execution Vulnerability
DataEase is an open source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase H2.java handles JDBC connection validation with a code injection...
DataEase SQL Injection Vulnerability
DataEase is an open source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase /de2api/datasetData/tableField processing tableName parameter...
DataEase DB2/MongoDB JNDI Code Injection Vulnerability
DataEase is an open source, Java-based data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...
HCL AION code execution vulnerability (CNVD-2026-16411)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused by a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16412)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to gain access to cached data information...
Samba OS Command Injection Vulnerability
Samba is an open source suite of standard Windows interoperability programs for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-24203)
Adobe Connect is software for creating meeting environments from the American company Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could exploit the vulnerability to steal the victim's...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel, which can be exploited by an attacker to remotely execute code...
Centreon cross-site scripting vulnerability (CNVD-2025-24649)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a cross-site scripting vulnerability that stems from the lack of effective...
Centreon has an unspecified vulnerability (CNVD-2025-24647)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...
Rockwell Automation FactoryTalk Linx Elevation of Privilege Vulnerability
Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation. It is used to communicate between small applications and large automation systems. An elevation of privilege vulnerability exists in Rockwell Automation FactoryTalk Linx due to a...
Fortinet FortiClientMAC Resource Management Error Vulnerability
Fortinet FortiClientMAC is a security tool for the macOS platform from the U.S. company Fortinet. Fortinet FortiClientMAC has a resource management error vulnerability that stems from improper allocation of critical resource permissions, which can be exploited by an attacker to cause a local...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2025-24205)
Adobe Dimension is a set of 2D and 3D composite design tools from the American company Adobe. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass Vulnerability
Rockwell Automation PanelView Plus 7 Performance Series B is a versatile HMI application from Rockwell Automation. An authentication bypass vulnerability exists in Rockwell Automation PanelView Plus 7 Performance Series B, which can be exploited by an attacker to cause unauthorized access,...
ZTE ZXCDN Struts Remote Code Execution Vulnerability
ZTE ZXCDN is a unified network management platform from China's ZTE Corporation. ZTE ZXCDN suffers from a Struts remote code execution vulnerability, which can be exploited by an attacker to remotely execute commands with non-root privileges...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-24394)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Ivanti Endpoint Manager Deserialization Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a deserialization...
Rockwell Automation FactoryTalk ViewPoint Denial of Service Vulnerability
Rockwell Automation FactoryTalk ViewPoint is a web-based client application from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation FactoryTalk ViewPoint, which can be exploited by an attacker to cause a denial of service...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-24633)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...
WordPress The Plus Addons for Elementor plugin cross-site scripting vulnerability
WordPress The Plus Addons for Elementor plugin is a plugin designed specifically for the Elementor page builder, offering over 120 custom widgets and extensions and more than 1000 pre-designed templates. A cross-site scripting vulnerability exists in WordPress The Plus Addons for Elementor plugin...
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a visual form builder plugin for WordPress that supports drag-and-drop operation, allowing users without programming experience to quickly build responsive forms. An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...
WordPress Pz-LinkCard plugin server-side request forgery vulnerability
WordPress Pz-LinkCard plugin is a WordPress plugin that is mainly used to display links in the form of cards, support custom display of external and internal links, and optimize social sharing and other features. WordPress Pz-LinkCard plugin suffers from a server-side request forgery vulnerabilit...
WordPress Simple SEO plugin cross-site scripting vulnerability
WordPress Simple SEO plugin is an SEO optimization tool designed based on the SimpleTags plugin, which is mainly used to help users simplify search engine optimization (SEO) operations. WordPress Simple SEO plugin suffers from a cross-site scripting vulnerability that stems from the application's...
Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability
Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR is vulnerable to a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could exploit...
Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability
Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause a specially crafted link to trick a...
Rockwell Automation ArmorStart AOP Denial of Service Vulnerability
Rockwell Automation ArmorStart AOP is a distributed motor controller from Rockwell Automation. The Rockwell Automation ArmorStart AOP suffers from a denial of service vulnerability that originates from entering an invalid value into a COM method, which can be exploited by an attacker to cause a...
Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability (CNVD-2025-24581)
The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which can be exploited by an attacker to cause a web server to crash...
Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability
The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which stems from improper handling of specially crafted payloads by CIP...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24268)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24265)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24264)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24261)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24262)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Fortinet FortiClient MacOS installer data forgery issue vulnerability
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...