131179 matches found
Tenda F3 goform/setWifi file buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the goform/setWifi file failing to properly validate the length size of the input data, which can be exploited by an...
IBM Security Verify Information Queue Denial of Service Vulnerability
IBM Security Verify Information Queue is a microservices architecture integration platform that leverages Kafka technology and a publish/subscribe model to integrate data between IBMSecurity products, acting as a cross-product data exchange hub. A denial of service vulnerability exists in IBM...
Tenda F3 macFilterList Parameter Buffer Overflow Vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the goform/setNAT file macFilterList parameter failing to properly validate the length size of the input data, which can be...
Dell PowerProtect Data Manager Log Information Disclosure Vulnerability
Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. A log information disclosure vulnerability exists in Dell PowerProtect Data Manager versions 19.19 and 19.20, which...
Tenda F3 goform/setNAT file portList parameter buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the /goform/setNAT file portList parameter failing to properly validate the length size of the input data, which can be...
WordPress Maspik - Ultimate Spam Protection plugin Cross-Site Request Forgery Vulnerability
WordPress Heateor Maspik - Ultimate Spam Protection plugin is an anti-spam plugin designed specifically for WordPress that protects contact forms, comment areas and signup forms from spam through a variety of technical means. The WordPress Maspik - Ultimate Spam Protection plugin suffers from a...
JEPaaS Access Control Error Vulnerability
JEPaaS is a low-code rapid development platform for building enterprise-class applications. A security vulnerability exists in JEPaaS 7.2.8, which stems from the doFilterInternal function of the Filter Handler component not properly enforcing access control. The vulnerability can be exploited by ...
ChanCMS SQL Injection Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
Tenda F3 goform/setQoS file buffer overflow vulnerability
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the QosList parameter of the goform/setQoS file failing to properly validate the length size of the input data, which can...
WordPress Duplicate Page and Post plugin SQL Injection Vulnerability
WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...
Adobe Dreamweaver Desktop Cross-Site Request Forgery Vulnerability
Adobe Dreamweaver Desktop is a web design and development software from the American company Audobee Adobe. Adobe Dreamweaver Desktop suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environme...
WordPress AI ChatBot for WordPress plugin cross-site scripting vulnerability
WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2025-21154)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A server-side request forgery vulnerability exists in Adobe...
Ivanti Endpoint Manager Code Execution Vulnerability (CNVD-2025-21272)
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from a lack of adequate validation of filenames of upload...
Tenda G3 formSetDebugCfg function stack buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formSetDebugCfg function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...
Microsoft Sharepoint Remote Code Execution Vulnerability (CNVD-2025-26724)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Tenda W30E formDeleteMeshNode function buffer overflow vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability that originates from the failure of the String parameter in the formDeleteMeshNode function to...
UTT 1200GW Buffer Overflow Vulnerability
The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that stems from insufficient boundary validatio...
Tenda G3 modifyDhcpRule function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the bindDhcpIndex parameter in the modifyDhcpRule function fails to...
TP-LINK AX10 Information Disclosure Vulnerability
The TP-LINK AX10 is a router. The TP-LINK AX10 suffers from an information disclosure vulnerability that is caused by a flaw in the explicit transmission of sensitive information. An attacker can exploit the vulnerability to obtain sensitive information...
Tenda G3 formDelDhcpRule function buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which originates from the delDhcpIndex parameter in the formDelDhcpRule function that fails to properly validate the length of the input data, and can be exploited by an attacker t...
Microsoft Office Code Execution Vulnerability (CNVD-2025-26728)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability
SAP NetWeaver ABAP Platform is an all-in-one technology platform from SAP. SAP NetWeaver ABAP Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execu...
UTT 1250GW Buffer Overflow Vulnerability
The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Limited UTT designed for small and medium-sized office environments SOHO, focusing on network performance, stability and management features. The UTT 1250GW suffers from a buffer overflow vulnerability that originates fro...
Tenda AC20 Buffer Overflow Vulnerability
Tenda AC20 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC20 16.03.08.12 and earlier versions, which originates from the improper handling of the mac parameter in the strcpy function in the /goform/GetParentControlInfo file. The vulnerability can be...
Unspecified Vulnerability in SAP NetWeaver Application Server (CNVD-2025-21159)
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability in SAP NetWeaver Application Server can be exploited by an attacker to potentially cause sensitive information to be read, modified, or deleted...
UTT 1200GW Buffer Overflow Vulnerability
The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that originates from the sub4B48F8 function in...
Small CRM /profile.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that stems from the /profile.php file not having a secure filter for the Name parameter. No details of the vulnerability are available at this time...
Tenda G3 formIPMacBindModify function stack buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formIPMacBindModify function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...
Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2025-21165)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...
Fortinet FortiDDoS-F Operating System Command Injection Vulnerability
Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fiat Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...
Microsoft Office Code Execution Vulnerability (CNVD-2025-26726)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which is caused due to improper boundary checkin...
Microsoft PowerPoint Code Execution Vulnerability (CNVD-2025-26723)
Microsoft PowerPoint is a document presentation tool in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft PowerPoint, which can be exploited by an attacker to execute arbitrary code on a system...
Adobe Premiere Pro Memory Misreference Vulnerability
Adobe Premiere Pro is a set of non-linear editing video editing software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Premiere Pro, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...
Microsoft Graphics Kernel Code Execution Vulnerability
Microsoft Graphics Kernel is a kernel-mode graphics driver subsystem from Microsoft. A code execution vulnerability exists in Microsoft Graphics Kernel, which can be exploited by an attacker to execute arbitrary code on a system...
Tenda G3 getsinglepppuser function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the pPppUser parameter in the getsinglepppuser function fails to...
Tenda G3 ipMacBindListStore function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the listStr parameter in the ipMacBindListStore function fails to...
Adobe Commerce Security Bypass Vulnerability (CNVD-2025-21417)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security bypass vulnerability exists in Adobe Commerce that can be exploited by an attacker to bypass security restrictions...
Adobe Substance3D Modeler Code Execution Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which is caused due to an integer overflow error. An attacker can exploit this vulnerability to execute code on the system or cause the...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21391)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused due to incorrect boundary checking. An attacker can exploit the vulnerability to overflow a buffer and execute arbitrary code on t...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-21393)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to obtain sensitive information...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21395)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21396)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21397)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Tenda G3 formModifyPppAuthWhiteMac function stack buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formModifyPppAuthWhiteMac function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2025-21151)
Adobe After Effects AE for short is a professional film and television post-effects software launched by Adobe in 1993, support for Windows and MacOS dual-platform, mainly for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...
Microsoft Office Visio Code Execution Vulnerability
Microsoft Office Visio is a U.S. Microsoft Microsoft Office software series responsible for drawing flowcharts and schematic diagrams in the software. A code execution vulnerability exists in Microsoft Office Visio, which is caused due to improper boundary checking. An attacker could exploit the...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2025-21409)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion suffers from a path traversal vulnerability that can be exploited by an attacker to...
Adobe Substance3D Modeler Out-of-Bounds Read Vulnerability (CNVD-2025-21418)
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. An out-of-bounds read vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute code on a system or cause the application to crash...
Adobe Substance3D Modeler Memory Misreference Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute arbitrary code in the context of the current user...