131179 matches found
WordPress Content Writer plugin information disclosure vulnerability
WordPress Content Writer plugin is a WordPress plugin mainly used to help users efficiently manage the website content creation, providing convenient content generation and publishing functions. WordPress Content Writer plugin has an information disclosure vulnerability that originates from...
WordPress Theme Importer plugin cross-site request forgery vulnerability
WordPress Theme Importer plugin is mainly used to import website content such as pages, menus, images, etc. from other platforms or websites into WordPress for quick migration or rebuilding of websites. The WordPress Theme Importer plugin suffers from a cross-site request forgery vulnerability,...
Newforma Project Center Server Code Execution Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A code execution vulnerability exists in Newforma Project Center...
WordPress DocoDoco Store Locator plugin Arbitrary File Upload Vulnerability
WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...
WordPress External Login plugin Information Disclosure Vulnerability
The WordPress External Login plugin is mainly used to integrate WordPress login functionality with an external database system, allowing users to log in to the site directly through an external account. An information disclosure vulnerability exists in the WordPress External Login plugin, which...
LibreNMS Cross-Site Scripting Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A cross-site scripting vulnerability exists in LibreNMS that stems from insufficient...
D-Link DI-7100G C1 Command Injection Vulnerability
The D-Link DI-7100G C1 is an enterprise-class router from D-Link, designed for small and medium-sized businesses. The D-Link DI-7100G C1 suffers from a command injection vulnerability that originates from the parameter iface in the file /mspinfo.htm?flag=qos that fails to correctly filter...
Adobe Animate Null Pointer Dereference Vulnerability (CNVD-2025-24422)
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause a memory information disclosure...
HCL AION code execution vulnerability (CNVD-2026-16411)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused due to a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...
DataEase SQL Injection Vulnerability
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase /de2api/datasetData/tableField processing tableName parameter...
Samba OS Command Injection Vulnerability
Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...
DataEase H2 JDBC Injection Code Execution Vulnerability
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase H2.java handles JDBC connection validation with a code injection...
DataEase DB2/MongoDB JNDI Code Injection Vulnerability
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...
HCL AION Information Disclosure Vulnerability (CNVD-2026-16412)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to gain access to cached data information...
WordPress The Plus Addons for Elementor plugin cross-site scripting vulnerability
WordPress The Plus Addons for Elementor plugin is a plugin designed specifically for the Elementor page builder, offering over 120 custom widgets and extensions and more than 1000 pre-designed templates. A cross-site scripting vulnerability exists in WordPress The Plus Addons for Elementor plugin...
Centreon Web SQL Injection Vulnerability (CNVD-2025-24418)
Centreon Web is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. A security vulnerability exists in Centreon Web, which originates from an SQL injection on the Meta...
Fortinet FortiClientMac Code Injection Vulnerability
Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. A code injection vulnerability exists in Fortinet FortiClientMac, which stems from the application's failure to properly filter special elements of constructed snippets, and can be exploited by an...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24268)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
ASUS Armoury Crate Stack Buffer Overflow Vulnerability
ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a stack buffer overflow vulnerability that can be exploited by attackers to cause a system crash or other undefined execution...
UTT Progressive 518G Buffer Overflow Vulnerability (CNVD-2026-00803)
The UTT Progress 518G is an enterprise-class router designed for small and medium-sized business office environments, focusing on multi-WAN port access and stable performance. UTT Enterprise 518G suffers from a buffer overflow vulnerability, which originates from the parameter txtMin2 in the file...
Automated Voting System add_candidate_modal.php File SQL Injection Vulnerability
Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter firstname in file /admin/addcandidatemodal.php for externally entered SQL statements. An attacker can exploit this...
Automated Voting System update_user.php File SQL Injection Vulnerability
Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Password in the file /admin/updateuser.php. An attacker can exploit this...
Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2025-26722)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...
Microsoft Inbox COM Objects Code Execution Vulnerability (CNVD-2025-25713)
Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24267)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
F5 BIG-IP SSL/TLS Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial of service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when the...
Rockwell Automation Comms-1783-NATR Cross-Site Scripting Vulnerability
Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR is vulnerable to a cross-site scripting vulnerability that is caused by improper validation of user-supplied input. An attacker could exploit...
Mozilla Firefox and Mozilla Thunderbird Memory Misreference Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A memory misreference vulnerability exists in Mozilla Firefox and Mozilla...
Adobe Connect Open Redirect Vulnerability
Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect has an open redirection vulnerability that can be exploited by an attacker to cause users to be redirected to a malicious website...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-24448)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Inbox COM Objects Code Execution Vulnerability
Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel, which can be exploited by an attacker to remotely execute code...
Unspecified Vulnerability in Adobe Substance3D Viewer (CNVD-2025-24166)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. A security vulnerability exists in Adobe Substance3D Viewer 0.25.2 and earlier versions, which can be exploited by an attacker to cause arbitrary code execution in the current us...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24263)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24420)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by an attacker to gain elevated privileges...
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a visual form builder plugin designed for WordPress , support drag and drop operation , no programming foundation to quickly build responsive forms . An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...
Out-of-bounds write vulnerability in multiple Mozilla products (CNVD-2025-24625)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...
Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24624)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused due to an error in the Customization tab. An attacker can exploit this vulnerability to conduct spoofing attacks...
Mozilla Firefox Spoofing Vulnerability (CNVD-2025-24623)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a spoofing vulnerability, which is caused by a response to a visibilitychange event. An attacker can exploit this vulnerability to conduct spoofing attacks...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-24633)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...
Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-24621)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24631)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24261)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-24450)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2025-26108)
Microsoft Windows Server is a set of server operating systems from the American company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows Server, which can be exploited by an attacker to execute arbitrary code on a target system by sending a specially crafted...
Centreon Command Injection Vulnerability (CNVD-2025-24650)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon suffers from a command injection vulnerability that stems from the application's failure to...
F5 BIG-IP SSL/TLS Profile Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2025-26718)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-24163)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...