Centreon Command Injection Vulnerability (CNVD-2025-24650)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...

D-Link DAP-2695 Operating System Command Injection Vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 version 2.00RC131 suffers from an operating system command injection vulnerability, which originates from the failure of the function fwupdatermain of the component Firmware Upda...

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24392)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Adobe Dimension Memory Misreference Vulnerability (CNVD-2025-24255)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2025-24204)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24420)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by an attacker to gain elevated privileges...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24449)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code...

Microsoft Office Code Execution Vulnerability (CNVD-2025-24419)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Microsoft Office Denial of Service Vulnerability (CNVD-2025-24415)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A denial of service vulnerability exists in Microsoft Office, which can be exploited by attackers to cause...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24451)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-24401)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-24395)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24450)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24447)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Windows SMB Client Authorization Issues Vulnerability

Microsoft Windows SMB Client is a Microsoft application. An SMB client. Microsoft Windows SMB Client has a security vulnerability that can be exploited by attackers to tamper with information...

F5 BIG-IP IPsec Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the IPsec module of BIG-IP, which can be exploited to cause the termination of the...

F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory corruption vulnerability exists in the Explicit Forward Proxy module of the BIG-IP SSL Orchestrator. The vulnerabilit...

F5 BIG-IP Elevation of Privilege Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An elevation of privilege vulnerability exists in the BIG-IP's iControl REST and TMOS Shell tmsh modules. The vulnerability...

F5 BIG-IP SSL/TLS Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when the...

F5 BIG-IP TMM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in BIG-IP's TMM Traffic Management Microkernel module, which arises because specific...

F5 BIG-IP TMM Data Tampering Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A data tampering vulnerability exists in the TMM module of BIG-IP, which arises because undisclosed traffic can lead to data...

F5 BIG-IP iHealth Tool Privilege Bypass Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A privilege bypass vulnerability exists in the BIG-IP's iHealth tool a module of the TMOS Shell. The vulnerability occurs...

F5 BIG-IP ePVA Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the ePVA module of BIG-IP. The vulnerability arises due to undisclosed traffic tha...

F5 BIG-IP Next TMM Memory Resource Management Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory resource management vulnerability exists in the TMM module of BIG-IP Next. The vulnerability arises because after...

F5 BIG-IP SSL/TLS Profile Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...

F5 BIG-IP TMM Module Denial of Service Vulnerability

5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the TMM module of the BIG-IP system, which arises because undisclosed traffic could...

Microsoft Inbox COM Objects Code Execution Vulnerability

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Inbox COM Objects Code Execution Vulnerability (CNVD-2025-25713)

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code...

Automated Voting System update_user.php File SQL Injection Vulnerability

Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Password in the file /admin/updateuser.php. An attacker can exploit this...

Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2025-26108)

Microsoft Windows Server is a set of server operating systems from the American company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows Server, which can be exploited by an attacker to execute arbitrary code on a target system by sending a specially crafted...

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2025-26717)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2025-26718)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...

Microsoft PowerPoint Code Execution Vulnerability (CNVD-2025-26719)

Microsoft PowerPoint is a document presentation tool in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft PowerPoint, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Word Code Execution Vulnerability (CNVD-2025-26720)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute code...

Microsoft Word Code Execution Vulnerability (CNVD-2025-26721)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Microsoft Office Visio Code Execution Vulnerability (CNVD-2026-00030)

Microsoft Office Visio is a U.S. Microsoft Microsoft Office software series responsible for drawing flowcharts and schematic diagrams in the software. A code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on a system...

UTT Progressive 518G Buffer Overflow Vulnerability

The UTT Progress 518G is an enterprise-class router designed for small and medium-sized business office environments, focusing on multi-WAN port access and stable performance. UTT Enterprise 518G suffers from a buffer overflow vulnerability, which originates from the parameter Profile in the file...

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2025-29351)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to elevate privileges...

Microsoft Graphics Component Elevation of Privilege Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component that can be exploited by an attacker to elevate privileges...

Microsoft Windows SMB Server Access Control Error Vulnerability

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...

ASUS Armoury Crate Null Pointer Dereference Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a null pointer dereference vulnerability that can be exploited by attackers to cause a system crash...

ASUS Armoury Crate Improper Link Following Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a link following improper vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

ASUS Armoury Crate Stack Buffer Overflow Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a stack buffer overflow vulnerability that can be exploited by attackers to cause a system crash or other undefined execution...

Microsoft Office Code Execution Vulnerability (CNVD-2025-24399)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24623)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused by a response to a visibilitychange event. An attacker can exploit this vulnerability to conduct spoofing attacks...

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24621)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2025-24622)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A memor...

Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24624)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused due to an error in the Customization tab. An attacker can exploit this vulnerability to conduct spoofing attacks...

Cross-site scripting vulnerability in multiple Mozilla products (CNVD-2025-24632)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24630)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...