131179 matches found
Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26898)
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...
Unspecified Vulnerability in Wireshark (CNVD-2025-24785)
Wireshark formerly Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark has a security vulnerability that can be exploited by an attacker to cause a denial of...
Newforma Project Center Server Information Disclosure Vulnerability (CNVD-2025-25476)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. An information disclosure vulnerability exists in Newforma Proje...
D-Link Nuclias Connect Cross-Site Scripting Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...
WordPress Find And Replace content plugin cross-site scripting vulnerability
WordPress Find And Replace content plugin is a plugin used to batch find and replace the specified text in the website content, mainly used to solve the problem of batch modification in the website content update demand. A cross-site scripting vulnerability exists in the WordPress Find And Replac...
D-Link Nuclias Connect Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. An observable response difference vulnerability exists in D-Link Nuclias Connect that stems from an...
Newforma Project Center Server Code Execution Vulnerability (CNVD-2025-25871)
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
Unspecified Vulnerability in IBM Aspera Faspex
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 that stems from a cross-domain policy file containing domains that shoul...
Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability (CNVD-2025-26899)
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute arbitrary code on the system or cause a system crash...
D-Link Nuclias Connect Directory Traversal Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...
IBM Transformation Extender Advanced Logout Without Disabling Session Vulnerability
IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from a Logout Without Disabling Session vulnerability, which can be exploited by an attacker to...
D-Link DI-7100G C1 popupId parameter buffer overflow vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a buffer overflow vulnerability that originates from the parameter popupId in the file /webchat/hiblock.asp failing to properly validate the length...
IBM Aspera Faspex Input Validation Error Vulnerability
IBM Aspera Faspex is an International Business Machines IBM solution for rapid global person-to-person document delivery and collaboration. IBM Aspera Faspex has an input validation error vulnerability that stems from improper API input validation, which can be exploited by an attacker to cause a...
SAMSUNG Notes Information Disclosure Vulnerability
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes has an information disclosure vulnerability that can be exploited by an attacker to access shared notes...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24703)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
Mongoose Buffer Overflow Vulnerability
Mongoose is a MongoDB object modeling designed to work in an asynchronous environment. Mongoose suffers from a buffer overflow vulnerability that stems from a boundary error when the application processes untrusted input, which can be exploited by an attacker to cause an application crash or buff...
Opencast Cross-Site Scripting Vulnerability
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. Opencast suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24784)
SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...
DELL PowerScale OneFS License Bypass Vulnerability
DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. An authorization bypass vulnerability exists in DELL PowerScale OneFS that originates from a user control key leading to authorizatio...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29155)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from unrestricted resource allocation ...
Unspecified Vulnerability in Apache StreamPark (CNVD-2025-24728)
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark has a security vulnerability that can be exploited by attackers to cause confidentiality, integrity and availability to be compromised...
IBM Transformation Extender Advanced Improper Access Control Vulnerability
IBM Transformation Extender Advanced A data transformation, validation and standardization tool software from International Business Machines Corporation. IBM Transformation Extender Advanced suffers from an Improper Access Control Vulnerability, no details of the vulnerability are available at...
Apache Spark Encryption Problem Vulnerability (CNVD-2025-25376)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...
D-Link DIR-816A2 Buffer Overflow Vulnerability
The D-Link DIR-816A2 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816A2 FWv1.10CNB05 version, which originates from the statuscheckpppoeuser parameter in the dirsetWanWifi function that fails to correctly validate the length and size of the input...
ZenML Input Validation Error Vulnerability
ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...
WordPress Library Management System plugin unauthorized data modification vulnerability
The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...
IBM Transformation Extender Advanced Log Message Disclosure Vulnerability
IBM Transformation Extender Advanced is a data transformation, validation and standardization tool software from International Business Machines IBM. IBM Transformation Extender Advanced suffers from a log information disclosure vulnerability that originates from storing sensitive information in ...
Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that is caused by incorrect boundary checking. An attacker could exploit the vulnerability to execute arbitrary code on the system or...
Fortinet FortiDLP Path Traversal Vulnerability
Fortinet FortiDLP is a data leakage prevention software from the American company Fita Fortinet. Fortinet FortiDLP suffers from a path traversal vulnerability, which stems from the program failing to properly filter special elements in the path of a resource or file, and can be exploited by an...
Delta Electronics ASDA-Soft Stack Buffer Overflow Vulnerability (CNVD-2025-26912)
Delta Electronics ASDA-Soft is an AC servo motor from Delta Electronics China. The Delta Electronics ASDA-Soft suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...
Flowise File Upload Vulnerability (CNVD-2025-24788)
Flowise is a FlowiseAI open source tool for easily building LLM applications. A file upload vulnerability exists in Flowise version 3.0.7, which stems from a file upload process that does not validate the file extension, MIME type, or file content, and can be exploited by an attacker to cause...
Unspecified vulnerability in SAMSUNG Mobile devices (CNVD-2025-24783)
SAMSUNG Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Oct-2025 Release 1, which can be exploited by attackers to cause...
HCL AION Information Disclosure Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability due to a missing or insecure "X-Content-Type-Options" header flaw. An attacker could exploit this vulnerability to obtain credentials or system information...
Fortinet FortiDLP Log Information Disclosure Vulnerability
Fortinet FortiDLP is a data leakage prevention software from the American company Fita Fortinet. Fortinet FortiDLP suffers from a log information disclosure vulnerability that originates from the insertion of sensitive information into a log file, which can be exploited by an attacker to cause...
HCL AION Information Disclosure Vulnerability (CNVD-2025-25461)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has an information disclosure vulnerability that can be exploited by attackers to cause unauthorized access...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24704)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
D-Link DI-7001 MINI OS Command Injection Vulnerability
D-Link DI-7001 MINI is a multi-functional intelligent gateway from China AUO D-Link. The D-Link DI-7001 MINI suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
Newforma Project Center Server Code Execution Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
Emlog Cross-Site Scripting Vulnerability (CNVD-2025-24787)
Emlog is a PHP and MySQL based CMS builder. Emlog 2.5.21 and previous versions of cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the email template settings, an attacker can exploit this vulnerability by...
WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...
Unspecified Vulnerability in Newforma Project Center Server
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security vulnerability exists in Newforma Project Center Serve...
WordPress plugin WP BookWidgets cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP BookWidgets cross-site scripting vulnerability , the vulnerability stems fr...
Unspecified Vulnerability in HCL MyXalytics
HCL MyXalytics is an analytics software product from HCL India. It is used for performing data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics, which arises from loading third-party scripts without integrity checking or validation, and can be exploited by an...
Microsoft 365 Copilot Business Chat Spoofing Vulnerability
Microsoft 365 Copilot Business Chat is an AI chat software from Microsoft Corporation, USA. Microsoft 365 Copilot Business Chat has a spoofing vulnerability that can be exploited by attackers to cause spoofing attacks...
WordPress Felan Framework plugin unauthorized data modification vulnerability
The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...
Unspecified Vulnerability in Mattermost (CNVD-2025-24795)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that can be exploited by an attacker to cause guest users to add arbitrary team members to their private channels via the...
WordPress Classified Pro plugin Unauthorized Plugin Installation Vulnerability
WordPress Classified Pro plugin is a plugin for quickly creating a classified ad section on a WordPress website, supporting different scenarios of listings management such as automotive, second-hand trading, etc., and providing features such as searching, ad space configuration, and text...
IBM Aspera Information Disclosure Vulnerability (CNVD-2025-25473)
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An information disclosure vulnerability exists in IBM Aspera that stems from an observable difference in the returned data, which can be exploited by an...
Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24425)
Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause the disclosure of sensitive information in memory...
Newforma Project Center Server Cross-Site Scripting Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center suffers from a cross-site scripting...