WordPress Media Player Addons for Elementor plugin cross-site scripting vulnerability

WordPress Media Player Addons for Elementor plugin is a plugin designed for Elementor page builder, mainly used to extend the media playback functionality. A cross-site scripting vulnerability exists in the WordPress Media Player Addons for Elementor plugin, which stems from insufficient input...

WordPress Developer Loggers for Simple History plugin file inclusion vulnerability

WordPress Developer Loggers for Simple History plugin is a logging plugin designed for developers, mainly used to record operational changes in the process of website development or maintenance, to help track issues and optimize site functionality. A file inclusion vulnerability exists in the...

WordPress Catch Dark Mode plugin file inclusion vulnerability

WordPress Catch Dark Mode plugin is an official plugin for enabling dark mode in WordPress websites, offering a wide range of customization options and pre-built theme solutions. The WordPress Catch Dark Mode plugin suffers from a file inclusion vulnerability that stems from a local file inclusio...

WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability

WordPress Blocksy Companion Plugin is a plugin designed to enhance the functionality of WordPress themes. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

WordPress Appointmind plugin cross-site scripting vulnerability

WordPress Appointmind plugin is an online appointment management plugin for WordPress, mainly used to embed the online appointment scheduling feature into posts or sidebars. WordPress Appointmind plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

JetBrains TeamCity Credentials Disclosure Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a credential disclosure vulnerability that...

JetBrains TeamCity Path Traversal Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a path traversal vulnerability that stems...

JetBrains Junie Command Injection Vulnerability

JetBrains Junie is a coding agent of the Czech company JetBrains. JetBrains Junie suffers from a command injection vulnerability that stems from improper command validation, which can be exploited by an attacker to cause code execution...

User Management System login.php File SQL Injection Vulnerability

User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /login.php. An attacker can exploit this vulnerability to...

Online Discussion Forum search_result.php File SQL Injection Vulnerability

Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /admin/adminforum/searchresult.php. An attacker can exploit this...

Online Discussion Forum edit_member.php File SQL Injection Vulnerability

Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/editmember.php. An attacker can exploit this vulnerability to...

NVIDIA Triton Inference Server Input Validation Error Vulnerability (CNVD-2025-23136)

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an input validation error vulnerability that stems from an improper input validation issue in t...

NVIDIA Triton Inference Server Access Control Error Vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. An access control error vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to cause memory...

Ashlar-Vellum Graphite Stack Buffer Overflow Vulnerability

Ashlar-Vellum Graphite is a CAD modeling software from Ashlar-Vellum. Ashlar-Vellum Graphite suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

JetBrains TeamCity Competitive Conditions Vulnerability

JetBrains TeamCity is a Continuous Integration/Continuous Deployment CI/CD tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a competitive condition vulnerability that...

NVIDIA Triton Inference Server Input Validation Error Vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an input validation error vulnerability that originates from loading a misconfigured model, whi...

Web-Based Internet Laboratory Management System login.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from the lack of validation of externally entered SQL statements in the parameter useremail in the file login.php...

WordPress Quiz Maker plugin SQL Injection Vulnerability

WordPress Quiz Maker plugin is a WordPress plugin for creating online quizzes, exams and questionnaires with multiple question types and customization support. WordPress Quiz Maker plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally...

NVIDIA Triton Inference Server Out-of-Bounds Write Vulnerability

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from an out-of-bounds write vulnerability that can be exploited by attackers to cause a denial of...

Ashlar-Vellum Cobalt Out-of-Bounds Read Vulnerability (CNVD-2025-22915)

Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. Ashlar-Vellum Cobalt suffers from an out-of-bounds read...

Ashlar-Vellum Cobalt Out-of-Bounds Read Vulnerability (CNVD-2025-22939)

Ashlar-Vellum Cobalt is a 3D modeling software developed by Ashlar Vellum, which supports Windows and Mac systems, and is mainly used for 3D modeling and CAD drawing in industrial product design, architectural design and other fields. Ashlar-Vellum Cobalt suffers from an out-of-bounds read...

BMC Control-M Authentication Bypass Vulnerability

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. An authentication bypass vulnerability exists in BMC Control-M that stems from an authentication bypass when using an empty or default kdb keystore or a default...

Apple macOS Tahoe Data Breach Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-26890)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in several Mozilla products and is caused by an...

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Microsoft Edge is a web browser from Microsoft that comes with Windows 10 onwards. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android, which stems from insufficient user interface warnings of dangerous operations, and can be exploited by an attacker to cause a network...

Apple macOS Tahoe environment variable mishandling vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22685)

Apple watchOS is an operating system for smartwatches.Apple iPadOS is an operating system for iPad tablets.Apple visionOS is an operating system for AR glasses. A security vulnerability exists in several Apple products that stems from a logging issue that can be exploited by an attacker to cause ...

BMC Control-M Stack Buffer Overflow Vulnerability

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...

Mozilla Firefox and Mozilla Thunderbird Spoofing Vulnerability

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. Mozilla Firefox and Mozilla Thunderbird have a spoofing vulnerability that can be...

Adobe Substance3D Stager Buffer Overflow Vulnerability

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager 3.1.3 and prior versions, which can be exploited by attackers to cause memory exposure and information disclosure...

Mozilla Focus for iOS Spoofing Vulnerability (CNVD-2025-24634)

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS suffers from a spoofing vulnerability that is caused by an error in the address bar component. An attacker can exploit the vulnerability to conduct spoofing attacks...

Apple Xcode Improper Access Control Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from an Improper Access Control vulnerability that stems from insufficient sandbox checking, which can be exploited by an attacker...

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24652)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

Student Result Management System Using PHP Cross-Site Request Forgery Vulnerability

Student Result Management System Using PHP is a student result management system. A cross-site request forgery vulnerability exists in Student Result Management System Using PHP, which stems from a Profile Page that does not adequately validate that a request is coming from a trusted user, no...

ZTE T5400 Information Disclosure Vulnerability

The ZTE T5400 is a router from China's ZTE Corporation ZTE. The ZTE T5400 suffers from an information disclosure vulnerability that originates from an improperly configured access control mechanism, which can be exploited by an attacker to cause information disclosure...

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22681)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple iPadOS is an operating system for iPad tablets.Apple iOS is an operating system for mobile devices.Apple tvOS is an operating system for smart TVs.Apple tvOS is an operating system...

Mozilla Firefox and Mozilla Thunderbird Security Bypass Vulnerability (CNVD-2025-24639)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A security bypass vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24646)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

Apple Xcode Denial of Service Vulnerability

Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a denial of service vulnerability that originates from a process crash when handling too large a path value. An attacker can...

Human Resource Integrated System Childs Name Field Cross-Site Scripting Vulnerability

Human Resource Integrated System is a human resource management system. A cross-site scripting vulnerability exists in the Human Resource Integrated System, which stems from an incorrectly filtered input in the Childs Name field and can be exploited by an attacker to cause a cross-site scripting...

Out-of-bounds read vulnerability in multiple Apple products (CNVD-2025-22686)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating...

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24636)

MMozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22682)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. Several Apple products contain security vulnerabilities that can be exploited by attackers to cause unexpected...

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22680)

Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple iPadOS is an operating system for iPad tablets.Apple iOS is an operating system for mobile devices.Apple tvOS is an operating system for smart TVs.Apple tvOS is an operating system...

Code execution vulnerability in multiple Mozilla products (CNVD-2025-24651)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...

Apple macOS Tahoe Type Obfuscation Vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

Multiple Apple Products Information Disclosure Vulnerability (CNVD-2025-22676)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system. An information disclosure vulnerability exists in a number of Apple products,...

Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24653)

Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in several Mozilla products and is...

Denial of Service Vulnerability in Multiple Apple Products (CNVD-2025-22679)

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. Apple macOS is a specialized operating system...

Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22678)

Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from insufficient checks when handling...