Tenda G3 formDelDhcpRule function buffer overflow vulnerability
Tenda G3 is a QoS VPN router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which originates from the delDhcpIndex parameter in the formDelDhcpRule function failing to properly validate the length of the input data, and can be exploited by an attacker t...
Tenda G3 formAddVpnUsers function buffer overflow vulnerability
Tenda G3 is a QoS VPN router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which is caused by the vpnUsers parameter in the formAddVpnUsers function failing to correctly validate the length of the input data, and can be exploited by an attacker to execute...
Tenda G3 dns_forward_rule_store function buffer overflow vulnerability
Tenda G3 is a QoS VPN router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which originates from the failure of the rules parameter in the dns_forward_rule_store function to correctly validate the length of the input data, and can be exploited by an attacker...
Tenda G3 addDhcpRule function buffer overflow vulnerability
Tenda G3 is a QoS VPN router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which is caused by the dhcpIndex parameter in the addDhcpRule function failing to correctly validate the length and size of the input data, and can be exploited by an attacker to...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)
SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...
SAP NetWeaver Deserialization Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from SAP, Germany. The platform mainly provides a development and runtime environment for SAP applications. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...
Unspecified Vulnerability in SAP NetWeaver (CNVD-2025-21160)
SAP NetWeaver is a service-oriented integrated application platform from SAP, Germany. The platform mainly provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver, which can be exploited by an attacker to potentially...
Unspecified Vulnerability in SAP NetWeaver Application Server (CNVD-2025-21159)
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability in SAP NetWeaver Application Server can be exploited by an attacker to potentially cause sensitive information to be read, modified, or deleted...
SAP NetWeaver Application Server Java Access Control Error Vulnerability (CNVD-2025-21204)
SAP NetWeaver Application Server Java is an application server from SAP, Germany, that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An Access Control Error vulnerability exists in SAP NetWeaver Application Server Java, which stems...
SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability
SAP NetWeaver ABAP Platform is an all-in-one technology platform from SAP. SAP NetWeaver ABAP Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execu...
SAP Fiori App Manage Work Center Groups Cross-Site Request Forgery Vulnerability
SAP Fiori App Manage Work Center Groups is an enterprise application from SAP with the ability to manage and maintain work center groups. A cross-site request forgery vulnerability exists in SAP Fiori App Manage Work Center Groups, which stems from insufficient CSRF protection and can be exploite...
Rockwell Automation ThinManager Server-Side Request Forgery Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A server-side request forgery vulnerability exists in Rockwell Automation ThinManager, which stems from...
Rockwell Automation FactoryTalk Activation Manager Data Exposure Vulnerability
Rockwell Automation is a leading global provider of industrial automation and control solutions focused on helping companies achieve smart manufacturing and digital transformation. A data disclosure vulnerability exists in Rockwell Automation FactoryTalk Activation Manager, which can be exploited...
Unspecified Vulnerability in NVIDIA NVDebug (CNVD-2025-21177)
NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA. NVIDIA NVDebug contains a security vulnerability that can be exploited by attackers to potentially cause privileged account access, which could lead to code execution, denial of service, elevation of privilege, information disclosure,...
Ivanti Endpoint Manager Code Execution Vulnerability (CNVD-2025-21272)
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...
Ivanti Endpoint Manager Code Execution Vulnerability
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from insufficient validation of filenames of uploaded...
Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21423)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe, USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21422)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe, USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe, USA. Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D Modeler Memory Misreference Vulnerability
Adobe Substance3D Modeler is 3D modeling software from the American company Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Substance3D Modeler Code Execution Vulnerability
Adobe Substance3D Modeler is 3D modeling software from the American company Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which is caused by an integer overflow error. An attacker can exploit this vulnerability to execute code on the system or cause the...
Adobe Commerce Security Bypass Vulnerability (CNVD-2025-21417)
Adobe Commerce is a leading global digital commerce solution for businesses and brands from Adobe, USA. A security bypass vulnerability exists in Adobe Commerce that can be exploited by an attacker to bypass security restrictions...
WordPress AI ChatBot for WordPress plugin cross-site scripting vulnerability
WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...
Tenda W30E UploadCfg Function Buffer Overflow Vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability, which originates from the failure of the v17 parameter in the UploadCfg function to properly validat...
Tenda W30E formDeleteMeshNode function buffer overflow vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability that originates from the failure of the String parameter in the formDeleteMeshNode function to...
Tenda G3 ipMacBindListStore function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, which stems from the listStr parameter in the ipMacBindListStore function failing to...
Tenda G3 guestWifiRuleRefresh function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 suffers from a buffer overflow vulnerability, which stems from the failure of the gstUp parameter in the guestWifiRuleRefresh function t...
Tenda G3 getsinglepppuser function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, which stems from the pPppUser parameter in the getsinglepppuser function failing to...
Tenda G3 formModifyPppAuthWhiteMac function stack buffer overflow vulnerability
Tenda G3 is a QoS VPN router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formModifyPppAuthWhiteMac function, which can be exploited by an attacker to cause a denial of service (DoS) via a specially crafted request...
Adobe Substance3D Modeler Out-of-Bounds Read Vulnerability (CNVD-2025-21418)
Adobe Substance3D Modeler is 3D modeling software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute code on a system or cause the application to crash...
Adobe Experience Manager XML Entity Injection Vulnerability
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An XML entity injection vulnerability exists in Adobe Experienc...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-21155)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A cross-site scripting vulnerability exists in Adobe Experience...
Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2025-21156)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...
Small CRM /profile.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that stems from the /profile.php file not having a secure filter for the Name parameter. No details of the vulnerability are available at this time...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2025-21151)
Adobe After Effects (AE for short) is professional film and television post-production effects software launched by Adobe in 1993. It supports both Windows and macOS and is mainly used for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...
TP-LINK AX10 Information Disclosure Vulnerability
The TP-LINK AX10 is a router. The TP-LINK AX10 suffers from an information disclosure vulnerability that is caused by the cleartext transmission of sensitive information. An attacker can exploit the vulnerability to obtain sensitive information...
UTT 750W Buffer Overflow Vulnerability
The UTT 750W is an enterprise-grade dual-band wireless router from the AiTai UTT brand that supports 2.4GHz and 5GHz bands with wireless transmission rates up to 750Mbps. The UTT 750W suffers from a buffer overflow vulnerability, which originates from the handling of the importpictureurl paramete...
Microsoft Office Visio Code Execution Vulnerability
Microsoft Office Visio is the flowchart and schematic diagramming application in the Microsoft Office suite from Microsoft, USA. A code execution vulnerability exists in Microsoft Office Visio, which is caused by improper boundary checking. An attacker could exploit the...
Adobe Premiere Pro Memory Misreference Vulnerability
Adobe Premiere Pro is non-linear video editing software from the American company Adobe. A memory misreference vulnerability exists in Adobe Premiere Pro, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...
Microsoft Graphics Kernel Code Execution Vulnerability
Microsoft Graphics Kernel is a kernel-mode graphics driver subsystem from Microsoft. A code execution vulnerability exists in Microsoft Graphics Kernel, which can be exploited by an attacker to execute arbitrary code on a system...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2025-21409)
Adobe ColdFusion is a rapid application development platform from Adobe, USA. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability that can be exploited by an attacker to...
Adobe Experience Manager misauthorization vulnerability (CNVD-2025-21153)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A misauthorization vulnerability exists in Adobe Experience...
Online Event Judging System /review_search.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the /review_search.php file not securely filtering the txtsearch parameter. An attacker can exploit this vulnerability to remotely execute...
Online Event Judging System index.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. The Online Event Judging System suffers from a SQL injection vulnerability that originates from the /index.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability by constructing a malicious...
IBM Concert Software Buffer Overflow Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a buffer overflow vulnerability that originate...
Command Injection Vulnerability in RAISECOM DR5374 at RAISECOM Technology Development Co.
The RAISECOM DR5374 is a router for home scenarios. A command injection vulnerability exists in the RAISECOM DR5374, which can be exploited by an attacker to execute arbitrary commands as root...
Dell PowerScale OneFS Privilege Permission and Access Control Issues Vulnerability
Dell PowerScale OneFS is an enterprise-class distributed file system from Dell. A privilege mismanagement vulnerability exists in Dell PowerScale OneFS versions prior to 9.12.0.0, which stems from the system failing to properly implement a privilege control mechanism. An attacker could exploit th...
Small CRM /get-quote.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from the /get-quote.php file not performing security filtering on the Contact parameter. An attacker can exploit this vulnerability to illegally manipulate the...
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CNVD-2025-23051)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to cause a security feature bypass...
POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a point-of-sale (POS) system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...