131179 matches found
Adobe Substance3D Modeler Memory Misreference Vulnerability
Adobe Substance3D Modeler is a 3D modeling software from the American company Audobee Adobe. A code execution vulnerability exists in Adobe Substance3D Modeler, which can be exploited by an attacker to execute arbitrary code in the context of the current user...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21392)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. Microsoft Excel Code Execution Vulnerability, the vulnerability is caused due to failure to free memory on the heap. An attacker can exploit this vulnerability to execute arbitrary code on the system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21394)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-21398)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
SAP NetWeaver Application Server Java Access Control Error Vulnerability (CNVD-2025-21204)
SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. An Access Control Error vulnerability exists in SAP NetWeaver Application Server Java, which stems...
Tenda G3 formDelPortMapping function stack buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formDelPortMapping function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...
Adobe Experience Manager Input Validation Error Vulnerability (CNVD-C-2025-521942)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...
Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Tenda W30E werlessAdvancedSet Function Buffer Overflow Vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability that originates from the failure of the countryCode parameter in the werlessAdvancedSet function to...
Tenda G3 formAddVpnUsers function buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which is caused by the vpnUsers parameter in the formAddVpnUsers function failing to correctly validate the length of the input data, and can be exploited by an attacker to execute...
Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21423)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Experience Manager misauthorization vulnerability (CNVD-2025-21153)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A misauthorization vulnerability exists in Adobe Experience...
Adobe After Effects Out-of-Bounds Read Vulnerability
Adobe After Effects AE for short is a professional film and television post-effects software launched by Adobe in 1993, support for Windows and MacOS dual-platform, mainly for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...
Tenda G3 formSetStaticRoute function stack buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda G3 formSetStaticRoute function, which can be exploited by an attacker to cause a denial of service DoS via a specially crafted request...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23471)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...
SAP NetWeaver Deserialization Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...
Ivanti Endpoint Manager Code Execution Vulnerability
Ivanti Endpoint Manager is a unified endpoint management solution for multiple operating systems such as Windows, macOS, Linux, Chrome OS and supports IoT devices. A code execution vulnerability exists in Ivanti Endpoint Manager that stems from insufficient validation of filenames of uploaded...
Unspecified Vulnerability in SAP NetWeaver (CNVD-2025-21160)
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A security vulnerability exists in SAP NetWeaver, which can be exploited by an attacker to potentially...
Adobe Experience Manager Input Validation Error Vulnerability (CNVD-2025-21156)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An input validation error vulnerability exists in Adobe...
Adobe Substance3D Viewer Out-of-Bounds Write Vulnerability (CNVD-2025-21422)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Audobee Adobe USA. Adobe Substance3D Viewer suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...
Adobe Experience ManagerXML Entity Injection Vulnerability
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. An XML entity injection vulnerability exists in Adobe Experienc...
Tenda G3 dns_forward_rule_store function buffer overflow vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A buffer overflow vulnerability exists in Tenda G3 v3.0brV15.11.0.17, which originates from the failure of the rules parameter in the dnsforwardrulestore function to correctly validate the length of the input data, and can be exploited by an attacker...
Siemens SINAMICS G220, SINAMICS S210 and SINAMICS S200 Elevation of Privilege Vulnerability
SINAMICS G220 is a high-performance, single-axis variable-frequency drive from Siemens.SINAMICS S210 is a high-performance, single-axis servo drive from Siemens.SINAMICS S200 is a high-performance, cost-effective, single-axis AC servo drive from Siemens for standard automation applications...
UTT 750W Buffer Overflow Vulnerability
The UTT 750W is an enterprise-grade dual-band wireless router from the AiTai UTT brand that supports 2.4GHz and 5GHz bands with wireless transmission rates up to 750Mbps. The UTT 750W suffers from a buffer overflow vulnerability, which originates from the handling of the importpictureurl paramete...
Tenda W30E UploadCfg Function Buffer Overflow Vulnerability
Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability, which originates from the failure of the v17 parameter in the UploadCfg function to properly validat...
Rockwell Automation FactoryTalk Activation Manager Data Exposure Vulnerability
Rockwell Automation is a leading global provider of industrial automation and control solutions focused on helping companies achieve smart manufacturing and digital transformation. A data disclosure vulnerability exists in Rockwell Automation FactoryTalk Activation Manager, which can be exploited...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2025-21150)
Adobe After Effects AE for short is a professional film and television post-effects software launched by Adobe in 1993, support for Windows and MacOS dual-platform, mainly for film and television special effects, motion graphics design and video synthesis. Adobe After Effects has an out-of-bounds...
SAP Fiori App Manage Work Center Groups Cross-Site Request Forgery Vulnerability
SAP Fiori App Manage Work Center Groups is an enterprise application from SAP with the ability to manage and maintain work center groups. A cross-site request forgery vulnerability exists in SAP Fiori App Manage Work Center Groups, which stems from insufficient CSRF protection and can be exploite...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)
SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...
Rockwell Automation ThinManager Server-Side Request Forgery Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A server-side request forgery vulnerability exists in Rockwell Automation ThinManager, which stems from...
Microsoft OfficePlus Spoofing Vulnerability
Microsoft Office is an office software suite product of Microsoft Corporation, USA.OfficePLUS is the official Office plug-in from Microsoft. A spoofing vulnerability exists in Microsoft OfficePlus, which can be exploited by attackers to spoof and obtain sensitive information over the network...
Unspecified Vulnerability in NVIDIA NVDebug (CNVD-2025-21177)
NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA. NVIDIA NVDebug contains a security vulnerability that can be exploited by attackers to potentially cause privileged account access, which could lead to code execution, denial of service, elevation of privilege, information disclosure,...
Fortinet FortiDDoS-F Operating System Command Injection Vulnerability
Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fiat Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-21155)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A cross-site scripting vulnerability exists in Adobe Experience...
Online Event Judging System index.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. The Online Event Judging System suffers from a SQL injection vulnerability that originates from the /index.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability by constructing a malicious...
Small CRM /get-quote.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability, which originates from the /get-quote.php file, which does not perform security filtering on the Contact parameter. An attacker can exploit this vulnerability to illegally manipulate the...
Command Injection Vulnerability in RAISECOM DR5374 at RISECOM Technology Development Co.
The RAISECOM DR5374 is a router for home scenarios. A command injection vulnerability exists in the RAISECOM DR5374, which can be exploited by an attacker to execute arbitrary commands as root...
Online Event Judging System /review_search.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the /reviewsearch.php file not securely filtering the txtsearch parameter. An attacker can exploit this vulnerability to remotely execute...
IBM Concert Software Buffer Overflow Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a buffer overflow vulnerability that originate...
Dell PowerScale OneFS Privilege Permission and Access Control Issues Vulnerability
Dell PowerScale OneFS is an enterprise-class distributed file system from Dell. A privilege mismanagement vulnerability exists in Dell PowerScale OneFS versions prior to 9.12.0.0, which stems from the system failing to properly implement a privilege control mechanism. An attacker could exploit th...
POS Point of Sale System dom_data_two_headers.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability, which originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
Cisco Integrated Management Controller IMC is a set of software used by Cisco to manage UCS Unified Computing System, which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down and restarting the server. A cross-site scripting vulnerability exists in Cisco...
POS Point of Sale System /-complex_header.php file cross-site scripting vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...
Google Android Information Disclosure Vulnerability (CNVD-2025-21349)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Google Android heap buffer overflow vulnerability (CNVD-2025-21351)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
POS Point of Sale System /dymanic_table.php File Cross-Site Scripting Vulnerability
POS Point of Sale System is a pos point of sale system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter scripts in the file...
Google Android Out-of-Bounds Write Vulnerability (CNVD-2025-21352)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause local information disclosure...
Huawei HarmonyOS device standby module competitive conditions loophole
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS device standby module, which can be exploited by an attacker to cause the system device...
Google Android Information Disclosure Vulnerability (CNVD-2025-21366)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Huawei HarmonyOS runtime interpreter module out-of-bounds read vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS runtime interpreter module, which can be exploited by an attacker to cause an availability...