131179 matches found
BMC Control-M Stack Buffer Overflow Vulnerability
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. BMC Control-M suffers from a stack buffer overflow vulnerability that originates from formatting an error message when SSL/TLS communication is misconfigured, no...
Apple Xcode Path Mishandling Vulnerability
Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a path mishandling vulnerability that can be exploited by an attacker to cause a process crash...
Online Library Management System adminlogin.php Component Elevation of Privilege Vulnerability
Online Library Management System is an online library management system. An elevation of privilege vulnerability exists in the Online Library Management System, which is caused by a flaw in the adminlogin.php component and the Login function, and can be exploited by an attacker to cause an...
Apple Xcode Denial of Service Vulnerability
Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from a denial of service vulnerability that originates from a process crash when handling too large a path value. An attacker can...
Kubernetes Trust Management Issues Vulnerabilities
Kubernetes K8s is an open source system of Kubernetes open source for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a trust management issue vulnerability that stems from the certificate validation logic not properly validating the chain...
Apple Xcode Sandbox Check Insufficiency Vulnerability
Apple Xcode is an integrated development tool that runs on the operating system Mac OS X. It is used for the development of the Mac OS X software. Apple Xcode suffers from an insufficient sandbox checking vulnerability that can be exploited by an attacker to read and write files outside the sandb...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22678)
Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from insufficient checks when handling...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22680)
Apple iOS is an operating system developed for mobile devices.Apple tvOS is an operating system for smart TVs.Apple iPadOS is an operating system for iPad tablets.Apple iOS is an operating system for mobile devices.Apple tvOS is an operating system for smart TVs.Apple tvOS is an operating system...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22687)
Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from a permissions issue that can be...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Microsoft Edge is a web browser from Microsoft that comes with Windows 10 onwards. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android, which stems from insufficient user interface warnings of dangerous operations, and can be exploited by an attacker to cause a network...
Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-26890)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A spoofing vulnerability exists in several Mozilla products and is caused by an...
Mozilla Firefox and Mozilla Thunderbird Spoofing Vulnerability
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. Mozilla Firefox and Mozilla Thunderbird have a spoofing vulnerability that can be...
Unspecified Vulnerability in BMC Control-M
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M that originates when an email address in a client certificate stops validating when it encounters a NULL byte, whi...
Apple macOS Tahoe Permission Issues Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Apple macOS Tahoe Permission Issue Vulnerability (CNVD-2025-22598)
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Adobe Substance3D Stager Buffer Overflow Vulnerability
Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager 3.1.3 and prior versions, which can be exploited by an attacker to cause code execution in the current user environment...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24646)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Unspecified Vulnerability in BMC Control-M (CNVD-2025-22541)
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...
Computer Laboratory System File Upload Vulnerability
Computer Laboratory System is a computer laboratory system. A file upload vulnerability exists in Computer Laboratory System that stems from the file upload feature not restricting file types, no details of the vulnerability are available at this time...
BMC Control-M Authentication Bypass Vulnerability
BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. An authentication bypass vulnerability exists in BMC Control-M that stems from an authentication bypass when using an empty or default kdb keystore or a default...
Apple macOS Tahoe state mismanagement vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Apple macOS Tahoe sandbox under-limit vulnerability (CNVD-2025-22593)
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22682)
Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. Several Apple products contain security vulnerabilities that can be exploited by attackers to cause unexpected...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-24636)
MMozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Apple macOS Tahoe Out-of-Bounds Read Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2025-24635)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
ZTE T5400 License Issue Vulnerability
The ZTE T5400 is a router from China's ZTE Corporation ZTE. The ZTE T5400 suffers from an authorization issue vulnerability, which stems from improper control of web module interface privileges, and can be exploited by an attacker to obtain sensitive information...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22673)
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple macOS Tahoe is an operating system.... A security vulnerability exists in several Apple products that stems from improper handling of sensitive information and can be exploited...
Apple macOS Tahoe Permission Issues Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Apple macOS Tahoe Permission Issue Vulnerability (CNVD-2025-22393)
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Apple macOS Sonoma Logic Issue Vulnerability
Apple macOS Sonoma is an operating system launched on June 5, 2023 by Apple. Apple macOS Sonoma has a logic problem vulnerability that can be exploited by an attacker to cause an application to access sensitive user data...
Apple macOS Tahoe Boundary Check Insufficiency Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Student Result Management System Using PHP Cross-Site Request Forgery Vulnerability
Student Result Management System Using PHP is a student result management system. A cross-site request forgery vulnerability exists in Student Result Management System Using PHP, which stems from a Profile Page that does not adequately validate that a request is coming from a trusted user, no...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22677)
Apple iOS is an operating system developed for mobile devices.Apple watchOS is a smartwatch operating system.Apple macOS is a specialized operating system developed for Mac computers. A security vulnerability exists in a number of Apple products that stems from improper memory handling when...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-26891)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-24653)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. An information disclosure vulnerability exists in several Mozilla products and is...
Mattermost Input Validation Error Vulnerability (CNVD-2025-22091)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from an unvalidated redirectto parameter, which can be exploited by an attacker to cause theft of a user's cookie via a...
Apple macOS Tahoe Permission Issues Vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Apple macOS Tahoe environment variable mishandling vulnerability
Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2025-22683)
Apple iOS is an operating system developed for mobile devices.Apple tvOS is a smart TV operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating system.Apple watchOS is a smart watch operating...
Unspecified vulnerability in curl (CNVD-2025-21413)
curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...
Online Shopping Portal Cross-Site Scripting Vulnerability
Online Shopping Portal is an online store. A cross-site scripting vulnerability exists in Online Shopping Portal, which can be exploited by an attacker to cause a cross-site scripting attack, due to a failure to clean inputs to the quantity parameter when adding items to the shopping cart...
Unspecified Vulnerability in AXIS BANK Axis Mobile App
AXIS BANK Axis Mobile App is a mobile banking application by AXIS BANK India. AXIS BANK Axis Mobile App version 9.9 has a security vulnerability that can be exploited by an attacker that may lead to the disclosure of account information, balances, transaction history and other data...
D-Link DIR-823x Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823x 250416 and prior versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter targetaddr in the fi...
Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...
Wavlink WL-WN578W2 sub_404850 function OS Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An operating system command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter deletelist in the function sub404850 in the file /cgi-bin/wireless.cgi that fails to correctly...
Wavlink WL-WN578W2 sub_409184 Command Injection Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter selEncrypTyp of the function sub409184 in the file /wizardrep.shtml that fails to correctly filter the constructor...
Wavlink WL-WN578W2 Access Control Error Vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. An access control error vulnerability exists in the Wavlink WL-WN578W2 version 221110, which originates from an incorrect access control in the file /liveonline.shtml, which can be exploited by an attacker to cause information...
Wavlink WL-WN578W2 sub_401C5C function command injection vulnerability
The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. Wavlink WL-WN578W2 221110 version exists a command injection vulnerability, the vulnerability stems from the parameter pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...
Flowise Access Control Error Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. An Access Control Error vulnerability exists in Flowise 3.0.5 and prior versions, which stems from the forgot-password endpoint returning a password reset token without authentication, and can be exploited by an attacke...