Code execution vulnerability in multiple Mozilla products (CNVD-2025-24626)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24631)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

Mozilla Firefox and Mozilla Thunderbird Memory Misreference Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A memory misreference vulnerability exists in Mozilla Firefox and Mozilla...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24400)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24266)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

Centreon Web SQL Injection Vulnerability (CNVD-2025-24418)

Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A security vulnerability exists in Centreon Web, which originates from an SQL injection on the Meta...

Ivanti Endpoint Manager SQL Injection Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

UTT Progressive 518G Buffer Overflow Vulnerability (CNVD-2026-00803)

The UTT Progress 518G is an enterprise-class router designed for small and medium-sized business office environments, focusing on multi-WAN port access and stable performance. UTT Enterprise 518G suffers from a buffer overflow vulnerability, which originates from the parameter txtMin2 in the file...

Unspecified Vulnerability in Rockwell Automation Comms-1783-NATR

Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. A security vulnerability exists in the Rockwell Automation Comms-1783-NATR that stems from a lack of authentication checks for critical functions and can be exploited by an attacker ...

Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2025-24393)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

Rockwell Automation Compact GuardLogix 5370 Denial of Service Vulnerability

Rockwell Automation Compact GuardLogix 5370 is a safety programmable logic controller from Rockwell Automation. The Rockwell Automation Compact GuardLogix 5370 suffers from a denial of service vulnerability that originates from a failure when sending a specially crafted CIP unconnected explicit...

Adobe Connect Open Redirect Vulnerability

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect has an open redirection vulnerability that can be exploited by an attacker to cause users to be redirected to a malicious website...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24448)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Adobe Framemaker Code Execution Vulnerability

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A security vulnerability exists in Adobe Framemaker version 2020.9, 2022.7, and prior versions, which can be...

Ivanti Endpoint Manager SQL Injection Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...

Ivanti Endpoint Manager Path Traversal Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. A path traversal vulnerability exists in Ivanti Endpoint...

Centreon has an unspecified vulnerability (CNVD-2025-24172)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

Unspecified Vulnerability in Adobe Substance3D Viewer (CNVD-2025-24166)

Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. A security vulnerability exists in Adobe Substance3D Viewer 0.25.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution in the current us...

Adobe Substance3D Modeler Buffer Overflow Vulnerability

Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Modeler 1.22.3 and prior versions, which can be exploited by an attacker to cause code execution in the current user environment...

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-24163)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

Unspecified Vulnerability in Microsoft Defender (CNVD-2025-24169)

Microsoft Defender is a threat protection software from Microsoft USA. Microsoft Defender for Linux has a security vulnerability that can be exploited by attackers to cause a denial of service on the system...

Adobe Commerce Security Bypass Vulnerability (CNVD-2025-24199)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which could be exploited by an attacker to bypass security measures and maintain unauthorized...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-24402)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

Adobe Commerce Security Bypass Vulnerability (CNVD-2025-24200)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which could be exploited by an attacker to bypass security measures and gain unauthorized...

Microsoft Windows File Explorer Spoofing Vulnerability (CNVD-2026-10676)

Microsoft Windows File Explorer is a file manager application from Microsoft USA. A spoofing vulnerability exists in Microsoft Windows File Explorer that is caused by the exposure of sensitive information to unauthorized participants in File Explorer. An attacker could exploit the vulnerability t...

Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24644)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to remotely execute code...

Fortinet FortiClientMac Code Injection Vulnerability

Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24267)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

Automated Voting System add_candidate_modal.php File SQL Injection Vulnerability

Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter firstname in file /admin/addcandidatemodal.php for externally entered SQL statements. An attacker can exploit this...

Rockwell Automation FactoryTalk View Machine Edition Path Traversal Vulnerability

Rockwell Automation FactoryTalk View Machine Edition is a versatile HMI application from Rockwell Automation. A path traversal vulnerability exists in Rockwell Automation FactoryTalk View Machine Edition, which can be exploited by an attacker to delete any file in the panel's operating system...

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2025-26722)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...

Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability (CNVD-2025-24627)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

Adobe Dimension Input Validation Error Vulnerability (CNVD-2025-24213)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An input validation error vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...

Adobe Commerce Security Bypass Vulnerability (CNVD-2025-24198)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce, which could be exploited by an attacker to bypass security measures and gain unauthorized read...

Rockwell Automation FactoryTalk Linx Elevation of Privilege Vulnerability (CNVD-2026-10857)

Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Rockwell Automation. The product is primarily used for small applications to communicate with large automation systems and more. An elevation of privilege vulnerability exists in Rockwell Automation...

Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

UTT HiPER 2620G Buffer Overflow Vulnerability

The UTT HiPER 2620G is an enterprise-class router from Atech Technology UTT designed for small and medium-sized businesses, schools, or Internet cafes in scenarios that require multi-line access and network control. The UTT HiPER 2620G suffers from a buffer overflow vulnerability that originates...

Centreon cross-site scripting vulnerability (CNVD-2025-24648)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24628)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-24201)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that can be exploited by an attacker to steal a victim's cookie-based authentication...

WordPress Felan Framework Improper Authentication Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language.WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

Adobe Connects Cross-Site Scripting Vulnerability (CNVD-2025-24428)

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...

Adobe Framemaker Memory Misreference Vulnerability (CNVD-2025-24391)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A memory misreference vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause...

Unspecified Vulnerability in Microsoft Azure (CNVD-2025-24645)

Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. Microsoft Azure has a security vulnerability that can be exploited by an attacker who can elevate privileges...

Unspecified Vulnerability in Microsoft Azure (CNVD-2025-24170)

Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. Microsoft Azure has a security vulnerability that can be exploited by an attacker who can elevate privileges...

Microsoft Azure Elevation of Privilege Vulnerability (CNVD-2025-29349)

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. A security vulnerability exists in Microsoft Azure Compute Gallery, which can be exploited by an attacker to elevate privileges...

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24263)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

Out-of-bounds write vulnerability in multiple Mozilla products (CNVD-2025-24625)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...

IBM MQ Denial of Service Vulnerability (CNVD-2026-19183)

IBM MQ is a leading enterprise-class messaging middleware designed for cross-platform asynchronous communication. It uses a queuing mechanism to ensure reliable and secure data transfer between applications and supports integration in heterogeneous environments. A denial of service vulnerability...