Huawei HarmonyOS runtime interpreter module out-of-bounds read vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS runtime interpreter module, which can be exploited by an attacker to cause an availability...

Huawei HarmonyOS home screen module privilege checksum vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege checksum vulnerability exists in the Huawei HarmonyOS home screen module, which can be exploited by an attacker to compromise usability...

Google Android heap buffer overflow vulnerability (CNVD-2025-21351)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

POS Point of Sale System /2512.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

POS Point of Sale System 6776.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

POS Point of Sale System /complex_header_2.php file cross-site scripting vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

POS Point of Sale System /deferred_table.php Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

POS Point of Sale System /dom_data_th.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

POS Point of Sale System dom_data_two_headers.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability, which originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

POS Point of Sale System /empty_table.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...

Huawei HarmonyOS Ark eTS Module Denial of Service Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in the Huawei HarmonyOS Ark eTS module, which can be exploited by attackers to cause availability to be compromised...

POS Point of Sale System /-complex_header.php file cross-site scripting vulnerability

POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

Google Android Information Disclosure Vulnerability (CNVD-2025-21348)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by a lack of permission checking in the audio service. An attacker can exploit the vulnerability to obtain the MAC address of a nearby...

WordPress plugin Add to Feedly cross-site request forgery vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Add to Feedly, no detailed...

Online Course Registration semester parameter SQL injection vulnerability

Online Course Registration is an online course registration system. A SQL injection vulnerability exists in Online Course Registration due to a lack of validation of externally entered SQL statements by the parameter semester. An attacker can exploit this vulnerability to execute illegal SQL...

Huawei HarmonyOS device standby module competitive conditions loophole

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS device standby module, which can be exploited by an attacker to cause the system device...

Huawei HarmonyOS audio module competitive conditions loophole

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS audio module, which can be exploited by attackers to cause functional stability to be...

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

Cisco Integrated Management Controller IMC is a set of software used by Cisco to manage UCS Unified Computing System, which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down and restarting the server. A cross-site scripting vulnerability exists in Cisco...

Cisco Integrated Management Controller Input Validation Error Vulnerability

Cisco Integrated Management Controller IMC is a set of software used by Cisco to manage UCS Unified Computing System, which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down and restarting the server. An input validation error vulnerability exists in Cisco...

WordPress Aitasi Coming Soon plugin deserialization vulnerability

WordPress Aitasi Coming Soon plugin is a plugin for creating professional coming soon pages Coming Soon or maintenance mode pages that can be built quickly without coding or design skills. The WordPress Aitasi Coming Soon plugin suffers from a deserialization vulnerability that arises from unsafe...

Google Android Classic Buffer Overflow Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a classic buffer overflow vulnerability that can be exploited by an attacker to cause local information disclosure...

Google Android Information Disclosure Vulnerability (CNVD-2025-21366)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Google Android Out-of-Bounds Write Vulnerability (CNVD-2025-21352)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause local information disclosure...

Google Android elevation of privilege vulnerability (CNVD-2025-21350)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an obfuscated agent in the system's user interface. An attacker can exploit the vulnerability to gain elevated privileges on the system...

D-Link DIR-825 ping6_ipaddr parameter buffer overflow vulnerability

D-Link DIR-825 is a dual-band wireless router for SMB and SOHO environments from AUO D-Link, supporting 2.4GHz and 5GHz bands at the same time to meet the demand for multi-device HD video transmission. The D-Link DIR-825 suffers from a buffer overflow vulnerability that originates from the...

WordPress Plugin AdForest Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin AdForest 6.0.9 and prior versions, which stems from...

Google Android Information Disclosure Vulnerability (CNVD-2025-21349)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

WordPress Admin Menu Editor plugin cross-site scripting vulnerability

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

Cisco NX-OS Software Operating System Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software suffers from an operating system command injection vulnerability that stems from insufficient user input validation, which can be exploited by an...

Google Android elevation of privilege vulnerability (CNVD-2025-28664)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21128)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...

Google Android elevation of privilege vulnerability (CNVD-2025-30727)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause arbitrary Java code to be loaded in a privileged environment...

Google Android Information Disclosure Vulnerability (CNVD-2025-23028)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an insecure default value flaw in the generateRandomPasword function in LocalBluetoothLeBroadcast.java. An attacker can exploit the leak to obtai...

NVIDIA Cumulus Linux and NVIDIA NVOS Log Information Disclosure Vulnerability

NVIDIA Cumulus Linux is an open network operating system.NVIDIA NVOS is an operating system. A log information disclosure vulnerability exists in NVIDIA Cumulus Linux and NVIDIA NVOS. The vulnerability stems from a hash password that is not properly hidden in log files and can be exploited by an...

Google Android Denial of Service Vulnerability (CNVD-2025-23029)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability caused by a logic error in multiple functions of DexUseManagerLocal.java. An attacker can exploit the vulnerability to cause the system server to crash...

Google Android Logic Error Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from a logic error vulnerability that can be exploited by...

Google Android elevation of privilege vulnerability (CNVD-2025-26731)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21124)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input by the /apprain/developer/addons/update/tablesorter endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticati...

Google Android elevation of privilege vulnerability (CNVD-2025-23044)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a missing privilege check in the onCreate function in UninstallerActivity.java. An attacker can exploit this vulnerability to gain elevated privileg...

Google Android Information Disclosure Vulnerability (CNVD-2025-24500)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by an attacker to cause local information disclosure...

Google Android elevation of privilege vulnerability (CNVD-2025-24501)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges due to a logic error in the executeAppFunction function in AppSearchManagerService.java that...

Google Android Denial of Service Vulnerability (CNVD-2025-24502)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability caused by resource exhaustion when repeatedly adding allowed packages to the allowPackageAccess function in multiple files. An attacker could exploit the...

Google Android elevation of privilege vulnerability (CNVD-2025-24503)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local privilege escalation...

Google Android Information Disclosure Vulnerability (CNVD-2025-24498)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a logic error in the writeContent function in RemotePrintDocument.java. An attacker can exploit this vulnerability to obtain sensitive informatio...

Google Android elevation of privilege vulnerability (CNVD-2025-24496)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an unsafe deserialization flaw in the assertSafeToStartCustomActivity function in AppRestrictions Fragment.java. An attacker can exploit the...

Google Android elevation of privilege vulnerability (CNVD-2025-24495)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

Google Pixel elevation of privilege vulnerability (CNVD-2025-25481)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker that may lead to out-of-bounds writes and local elevation of privilege...

Google Android elevation of privilege vulnerability (CNVD-2025-26879)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a path traversal error in multiple locations, which can be exploited by an attacker to gain elevated privileges on the system...

Google Android Information Disclosure Vulnerability (CNVD-2025-26880)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by an attacker to cause local information disclosure...

Google Android elevation of privilege vulnerability (CNVD-2025-26883)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to incorrect input validation in the getCallingAppName function in Shared.java, which results in a user granting file access via deceptive text in the...