131179 matches found
Microsoft Windows SMB Client Authorization Issues Vulnerability
Microsoft Windows SMB Client is a Microsoft application. An SMB client. Microsoft Windows SMB Client has a security vulnerability that can be exploited by attackers to tamper with information...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2025-29351)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to elevate privileges...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...
ASUS Armoury Crate Null Pointer Dereference Vulnerability
ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a null pointer dereference vulnerability that can be exploited by attackers to cause a system crash...
WordPress Simple SEO plugin cross-site scripting vulnerability
WordPress Simple SEO plugin is an SEO optimization tool designed based on the SimpleTags plugin, which is mainly used to help users simplify search engine optimization SEO operations. WordPress Simple SEO plugin suffers from a cross-site scripting vulnerability that stems from the application's...
D-Link DAP-2695 Operating System Command Injection Vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 version 2.00RC131 suffers from an operating system command injection vulnerability, which originates from the failure of the function fwupdatermain of the component Firmware Upda...
Rockwell Automation Comms-1783-NATR Cross-Site Request Forgery Vulnerability
Rockwell Automation Comms-1783-NATR is an industrial Ethernet address translation device from Rockwell Automation. The Rockwell Automation Comms-1783-NATR suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause a specially crafted link to trick a...
Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24630)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...
F5 BIG-IP iHealth Tool Privilege Bypass Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A privilege bypass vulnerability exists in the BIG-IP's iHealth tool a module of the TMOS Shell. The vulnerability occurs...
Unspecified Vulnerability in Microsoft Windows (CNVD-2025-24644)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability that can be exploited by attackers to remotely execute code...
F5 BIG-IP IPsec Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the IPsec module of BIG-IP, which can be exploited to cause the termination of the...
F5 BIG-IP SSL Orchestrator Memory Corruption Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A memory corruption vulnerability exists in the Explicit Forward Proxy module of the BIG-IP SSL Orchestrator. The vulnerabilit...
IBM MQ Denial of Service Vulnerability (CNVD-2026-19183)
IBM MQ is a leading enterprise-class messaging middleware designed for cross-platform asynchronous communication. It uses a queuing mechanism to ensure reliable and secure data transfer between applications and supports integration in heterogeneous environments. A denial of service vulnerability...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-24628)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2025-24205)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Ivanti Endpoint Manager SQL Injection Vulnerability
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability (CNVD-2025-24627)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...
Fortinet FortiClientMAC Resource Management Error Vulnerability
Fortinet FortiClientMAC is a U.S. fly tower Fortinet company based on macOS platform security tools. Fortinet FortiClientMAC has a resource management error vulnerability that stems from improper allocation of critical resource permissions, which can be exploited by an attacker to cause a local...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-24395)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...
Microsoft Word Code Execution Vulnerability (CNVD-2025-26721)
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component that can be exploited by an attacker to elevate privileges...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24262)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-24447)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Memory Misreference Vulnerability in Multiple Mozilla Products (CNVD-2025-24622)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A memor...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-24626)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Microsoft Office Denial of Service Vulnerability (CNVD-2025-24415)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A denial of service vulnerability exists in Microsoft Office, which can be exploited by attackers to cause...
WordPress Felan Framework Improper Authentication Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language.WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24264)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24265)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Cross-site scripting vulnerability in multiple Mozilla products (CNVD-2025-24632)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability
The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which stems from improper handling of specially crafted payloads by CIP...
Adobe Connects Cross-Site Scripting Vulnerability (CNVD-2025-24428)
Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in a victim's browser...
Rockwell Automation 1715-AENTR EtherNet/IP Adapter Denial of Service Vulnerability (CNVD-2025-24581)
The Rockwell Automation 1715-AENTR EtherNet/IP Adapter is a redundant Ethernet adapter module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 1715-AENTR EtherNet/IP Adapter, which can be exploited by an attacker to cause a web server to crash...
F5 BIG-IP TMM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in BIG-IP's TMM Traffic Management Microkernel module, which arises because specific...
Adobe Dimension Memory Misreference Vulnerability (CNVD-2025-24255)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. A memory misreference vulnerability exists in Adobe Dimension, which can be exploited by an attacker to cause arbitrary code execution in the current user environment...
F5 BIG-IP TMM Data Tampering Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A data tampering vulnerability exists in the TMM module of BIG-IP, which arises because undisclosed traffic can lead to data...
Rockwell Automation PanelView Plus 7 Performance Series B Authentication Bypass Vulnerability
Rockwell Automation PanelView Plus 7 Performance Series B is a versatile HMI application from Rockwell Automation. An authentication bypass vulnerability exists in Rockwell Automation PanelView Plus 7 Performance Series B, which can be exploited by an attacker to cause unauthorized access,...
Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24266)
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
Microsoft Word Code Execution Vulnerability (CNVD-2025-26720)
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute code...
Microsoft Windows SMB Server Access Control Error Vulnerability
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...
Fortinet FortiClient MacOS installer data forgery issue vulnerability
Fortinet FortiClient MacOS installer is a client installer from Fortinet. The Fortinet FortiClient MacOS installer suffers from a data forgery issue vulnerability that stems from improper cryptographic signature validation, which can be exploited by an attacker to cause elevation of privilege for...
fortinet FortiVoice Operating System Command Injection Vulnerability
FortiVoice is Fortinet's all-in-one enterprise voice over IP communications system. A command injection vulnerability exists in the Fortinet FortiVoice operating system that stems from improper neutralization of specific elements. An attacker could exploit this vulnerability to construct a...
Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)
FortiPAM is Fortinet's privileged access management solution for centralized management of sensitive enterprise credentials. A security vulnerability exists in Fortinet FortiPAM that stems from an insufficiently strong authentication mechanism. An attacker could exploit the vulnerability to execu...
fortinet FortiAnalyzer License Issues Vulnerability
FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...
fortinet FortiAnalyzer Competitive Conditions Issue Vulnerability
FortiAnalyzer is Fortinet's centralized security log management and analysis platform. FortiAnalyzer suffers from a competitive condition vulnerability that stems from an improper synchronization mechanism for shared resources. An attacker can exploit this vulnerability to bypass the FortiCloud...
fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-24143)
FortiOS is Fortinet's network operating system that provides firewall, VPN and network security features. A security vulnerability exists in Fortinet FortiOS that stems from an API interface that does not validate return values. An attacker could use this vulnerability to trigger a null pointer...
fortinet FortiADC Information Disclosure Vulnerability
FortiADC is an application delivery controller from Fortinet designed to optimize application performance, provide load balancing and enhance security. FortiADC suffers from a security vulnerability that stems from the program's failure to provide adequate access control for sensitive data access...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2025-24145)
Fortinet FortiOS is a network operating system developed by Fortinet for use in its firewall and network security appliances. A security vulnerability exists in Fortinet FortiOS that stems from a flaw in the authorization mechanism. An attacker could exploit the vulnerability to access static fil...
Huawei HarmonyOS device management module buffer overflow vulnerability vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module and can be exploited by an attacker to affect availability...