131179 matches found
Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2025-24423)
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a memory information leak...
Unspecified Vulnerability in Adobe Creative Cloud Desktop
Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from the American company Audobee Adobe. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...
Adobe Animate Memory Misreference Vulnerability (CNVD-2025-24424)
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Animate, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...
WordPress Ova Advent plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ova Advent plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...
WordPress Lisfinity Core plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
Adobe Animate heap buffer overflow vulnerability (CNVD-2025-24421)
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution in the current user environment...
WordPress Outdoor plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Outdoor plugin suffers from a SQL injection vulnerability that stems from a lack of validation of the edit parameter. An attacker can exploit this vulnerability to...
WordPress Task Scheduler plugin server-side request forgery vulnerability
WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...
WordPress Binary MLM Plan plugin elevation of privilege vulnerability
WordPress Binary MLM Plan plugin is a WordPress plugin designed for network marketing, mainly used to simplify the operational process of multi-level marketing MLM business. WordPress Binary MLM Plan plugin suffers from an elevation of privilege vulnerability that stems from the bmpuser role...
WordPress Quick Social Login plugin cross-site scripting vulnerability
WordPress Quick Social Login plugin is a plugin that allows users to quickly log in or sign up through social media accounts such as Facebook, Google, Twitter, LinkedIn, Slack and WordPress.com. The WordPress Quick Social Login plugin suffers from a cross-site scripting vulnerability that stems...
WordPress Digiseller plugin cross-site scripting vulnerability
WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...
WordPress Keyy Two Factor Authentication plugin Privilege Escalation Vulnerability
WordPress Keyy Two Factor Authentication plugin is a plugin for enhancing the login security of your website. A privilege escalation vulnerability exists in the WordPress Keyy Two Factor Authentication plugin, which can be exploited by an attacker to cause an elevation of privilege, due to a...
WordPress Dynamically Display Posts plugin SQL Injection Vulnerability
WordPress Dynamically Display Posts plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. WordPress Dynamically Display Posts plugin suffers from a SQL injection vulnerability that stems from a lack of...
WordPress TARIFFUXX plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress TARIFFUXX plugin suffers from a SQL injection vulnerability that stems from insufficient cleanup of the tariffuxxconfigurator shortcode for user-supplied input, which...
WordPress TopBar plugin cross-site request forgery vulnerability
WordPress TopBar plugin is a plugin for adding a notification bar at the top of your website, mainly used to display messages, links or promotional content to help users attract attention and increase conversions. The WordPress TopBar plugin suffers from a cross-site request forgery vulnerability...
WordPress onOffice for WP-Websites plugin SQL Injection Vulnerability
WordPress onOffice for WP-Websites plugin is a WordPress plugin developed by onOfficeGmbH that is mainly used to integrate listings, addresses or forms from real estate management software such as onOffice into a WordPress website, supports shortcode flexible design and allows for Generate...
WordPress Dhivehi Text plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Dhivehi Text plugin, which stems from a lack of effective filtering and escaping of dhivehi short code, and can be...
Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24426)
Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
D-Link DI-7100G C1 openid parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter openid in the file /webchat/login.cgi failing to properly validate the length an...
WordPress Demo Import Kit plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...
WordPress External Login plugin SQL Injection Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. WordPress External Login plugin is prone to SQL injection vulnerability, which is caused by...
IBM Planning Analytics Local Cross-Site Scripting Vulnerability
IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. IBM Planning Analytics Local suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
WordPress OwnID Passwordless Login plugin authentication bypass vulnerability
WordPress OwnID Passwordless Login plugin is a WordPress plugin for passwordless login function, by sending a one-time authorization code to the user's email or cell phone to complete the verification. An authentication bypass vulnerability exists in the WordPress OwnID Passwordless Login plugin,...
IBM Transformation Extender Advanced Weak Password Vulnerability
IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a weak password vulnerability that stems from not requiring users to use strong passwords by...
OpenEXR has an unspecified vulnerability (CNVD-2025-24791)
OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in OpenEXR that can be exploited by attackers to cause a buffer overflow...
ChurchCRM Authentication Error Vulnerability
ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...
OpenEXR has an unspecified vulnerability (CNVD-2025-24790)
OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause heap memory corruption...
Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26897)
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...
Opencast Information Disclosure Vulnerability (CNVD-2025-24789)
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions prior to 17.8 and prior to 18.2, which can be exploited by attackers to cause accidental distribution...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24706)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
NVIDIA Display Driver Code Issue Vulnerability
NVIDIA Display Driver is a graphics card driver from NVIDIA. A security vulnerability exists in NVIDIA Display Driver, which can be exploited by attackers to cause denial of service, elevation of privilege, code execution, and data manipulation...
Unspecified Vulnerability in HCL AION (CNVD-2025-25409)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a script whitelist configuration bypass and a misconfigured Content-Security-Policy header, which can be exploited by an attacker to cause cross-site scripting and other...
WordPress Oceanpayment CreditCard Gateway plugin Access Control Error Vulnerability
WordPress Oceanpayment CreditCard Gateway plugin is a plugin for integrating credit card payments in your WordPress website, which enables transactions through the payment gateway provided by Oceanpayment. The WordPress Oceanpayment CreditCard Gateway plugin suffers from an Access Control Error...
Unspecified Vulnerability in HCL AION
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25886)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...
Newforma Project Center Server Directory Traversal Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A directory traversal vulnerability exists in Newforma Project...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25888)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
Newforma Project Center Server Open Redirect Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An open redirection vulnerability exists in Newforma Project...
Newforma Project Center Server Information Disclosure Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
Microsoft Azure Cache for Redis Enterprise Elevation of Privilege Vulnerability
Microsoft Azure Cache for Redis Enterprise is an in-memory caching service from Microsoft Corporation, USA. An elevation of privilege vulnerability exists in Microsoft Azure Cache for Redis Enterprise, which can be exploited by an attacker to gain elevated privileges on the system...
Microsoft 365 Copilot Business Chat Spoofing Vulnerability (CNVD-2025-25468)
Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...
SAMSUNG Notes Out-of-Bounds Write Vulnerability
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to write to out-of-bounds memory...
IBM Standards Processing Engine Deserialization Vulnerability
IBM Standards Processing Engine Ibm Transformation Extender Advanced is a document conversion software from International Business Machines IBM. Used to automatically convert and validate large amounts of data. IBM Standards Processing Engine suffers from a deserialization vulnerability that stem...
OpenEXR has an unspecified vulnerability (CNVD-2025-24792)
OpenEXR is an open standard for high dynamic range image HDR file formats. A security vulnerability exists in versions prior to OpenEXR 8.0, which can be exploited by an attacker to cause an out-of-bounds write...
Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26898)
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...
Unspecified Vulnerability in Wireshark (CNVD-2025-24785)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that can be exploited by an attacker to cause a denial of...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25476)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
D-Link Nuclias Connect Cross-Site Scripting Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...
WordPress Find And Replace content plugin cross-site scripting vulnerability
WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25862)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information IELTS vulnerability exists in Newforma Project...