131179 matches found
appRain CMF cross-site scripting vulnerability (CNVD-2025-21128)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...
Google Android elevation of privilege vulnerability (CNVD-2025-23043)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
appRain CMF SQL Injection Vulnerability (CNVD-2025-21108)
appRain CMF is a content management framework. appRain CMF suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BAdmin%5D%5Busername%5D parameter of /apprain/admin/manage/add. An attacker could use this vulnerability t...
Google Android Denial of Service Vulnerability (CNVD-2025-26881)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android due to a resource exhaustion flaw in multiple functions in AccountManagerService.java. An attacker can exploit this vulnerability to cause a denial of service...
Google Android elevation of privilege vulnerability (CNVD-2025-23025)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a way to bypass intent security checks due to proxy obfuscation in multiple functions in AppRestrictions Fragment.java. An attacker can...
Google Android elevation of privilege vulnerability (CNVD-2025-23035)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
Google Android Information Disclosure Vulnerability (CNVD-2025-24498)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a logic error in the writeContent function in RemotePrintDocument.java. An attacker can exploit this vulnerability to obtain sensitive informatio...
Google Android elevation of privilege vulnerability (CNVD-2025-28665)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an elevation of privilege on a paired device...
Google Android elevation of privilege vulnerability (CNVD-2025-29703)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the updateState function in ContentProtectionTogglePreferenceController.java, which can be exploited by an attacker to elevate...
TOTOLINK X5000R Command Injection Vulnerability
TOTOLINK X5000R is a wireless router supporting Wi-Fi 6 technology with full coverage mesh system and dual-band transmission for home and business network environments. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the parameter pid in the file...
Google Android elevation of privilege vulnerability (CNVD-2025-26731)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
appRain CMF SQL Injection Vulnerability (CNVD-2025-21132)
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...
Google Android Denial of Service Vulnerability (CNVD-2025-23027)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a...
Google Android elevation of privilege vulnerability (CNVD-2025-26885)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a lack of privilege checking in multiple functions. The vulnerability can be exploited by an attacker to cause privilege escalation...
appRain CMF path traversal vulnerability
appRain CMF is a content management framework. A path traversal vulnerability exists in appRain CMF, which stems from the incorrect handling of base64 path parameters, and can be exploited by an attacker to download an arbitrary file on the system via a constructed URL request...
Google Android Information Disclosure Vulnerability (CNVD-2025-28667)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to a logic error in the onCreate function in NotificationAccessConfirmationActivity.java that results in incorrect validation of the Correct Intent...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21131)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input in the /apprain/information/manage/emailtemplate/add endpoint. An attacker could use this vulnerability to steal the victim's cookie-base...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21122)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/richtexteditor endpoint. An attacker could use the vulnerability to steal the victim's cookie-based...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21113)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/admin endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21130)
appRain CMF is a content management framework from appRain Canada. appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user input in the /apprain/developer/language/lipsum.xml endpoint. An attacker could use this vulnerability to steal the victim...
Google Android Information Disclosure Vulnerability (CNVD-2025-29709)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in the offerNetwork function in ConnectivityService.java. An attacker can exploit this vulnerability to obtain...
Google Android Information Disclosure Vulnerability (CNVD-2025-23033)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by improper input validation in multiple locations. The vulnerability can be exploited by an attacker to obtain sensitive information...
Google Android Information Disclosure Vulnerability (CNVD-2025-28666)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
NVIDIA Cumulus Linux and NVIDIA NVOS Log Information Disclosure Vulnerability
NVIDIA Cumulus Linux is an open network operating system.NVIDIA NVOS is an operating system. A log information disclosure vulnerability exists in NVIDIA Cumulus Linux and NVIDIA NVOS. The vulnerability stems from a hash password that is not properly hidden in log files and can be exploited by an...
Google Android Denial of Service Vulnerability (CNVD-2025-23032)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which can be exploited by an attacker to cause a persistent local denial of service...
Google Android elevation of privilege vulnerability (CNVD-2025-29702)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an obfuscated agent in the loadDrawableForCookie function in ResourcesImpl.java. An attacker can exploit the vulnerability to elevate privileges...
Google Android Denial of Service Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from a denial-of-service vulnerability that stems from resource...
Google Pixel elevation of privilege vulnerability (CNVD-2025-25481)
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker that may lead to out-of-bounds writes and local elevation of privilege...
Google Android elevation of privilege vulnerability (CNVD-2025-26883)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to incorrect input validation in the getCallingAppName function in Shared.java, which results in a user granting file access via deceptive text in the...
Google Android elevation of privilege vulnerability (CNVD-2025-23044)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a missing privilege check in the onCreate function in UninstallerActivity.java. An attacker can exploit this vulnerability to gain elevated privileg...
Google Android Information Disclosure Vulnerability (CNVD-2025-24499)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a letter disclosure vulnerability, which is caused by a logic error in multiple locations. An attacker can exploit the vulnerability to potentially cause a local information leak...
Google Android elevation of privilege vulnerability (CNVD-2025-30728)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Google Android Obfuscated Proxy Vulnerability (CNVD-2025-26799)
Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that can be exploited by...
Unspecified Vulnerability in NVIDIA ConnectX (CNVD-2025-21179)
NVIDIA ConnectX is a series of intelligent network interface cards from NVIDIA. NVIDIA ConnectX has a security vulnerability that can be exploited by attackers to potentially cause denial of service, elevation of privilege, information disclosure, and data tampering...
Google Android elevation of privilege vulnerability (CNVD-2025-28658)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by an unauthorized way of adding contacts due to a logic error in the onCreate function in SelectAccountActivity.java. An attacker can...
Google Android elevation of privilege vulnerability (CNVD-2025-30727)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause arbitrary Java code to be loaded in a privileged environment...
Unspecified Vulnerability in Google Android (CNVD-2025-26733)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause a permanent denial of service...
Google Android Denial of Service Vulnerability (CNVD-2025-28660)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by the way the setApplicationHiddenSettingsUser function in PackageManagerService.java hides system critical packages due to incorrect input...
Google Android elevation of privilege vulnerability (CNVD-2025-24497)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit the vulnerability to gain elevate...
Google Chrome V8 post-release reuse vulnerability (CNVD-2025-22938)
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from a post-release reuse vulnerability that stems from the mishandling of memory objects by the V8...
appRain CMF SQL Injection Vulnerability (CNVD-2025-21133)
appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...
Google Android Denial of Service Vulnerability (CNVD-2025-29708)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android due to incorrect input validation of the collectOps function in AppOpsService.java. An attacker can exploit the vulnerability to cause a denial of service...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21119)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/cycle endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21118)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/commonresource endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
appRain CMF Cross-Site Scripting Vulnerability
appRain CMF is a content management framework from appRain Canada. The appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input on the /appain/admin/account/edit endpoint. An attacker could use the vulnerability to steal the victim...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21111)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input on the /apprain/developer/addons/update/960grid endpoint. An attacker could use this vulnerability to steal the victim's cookie-based...
Unspecified Vulnerability in NVIDIA BlueField (CNVD-2025-21178)
NVIDIA BlueField is a series of data processing units from NVIDIA. NVIDIA BlueField has a security vulnerability that can be exploited by attackers to potentially cause a denial of service, elevation of privilege, and information disclosure...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2025-21256)
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. A cross-site scripting vulnerability exists in Cisco Webex Meetings that stems from insufficient validation of user input and can be exploited by an attacker to cause a cross-site scripting attack...
Mobile Shop Management System AddNewProduct.php file code problem vulnerability
Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...
Complaint Management System registration.php file SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for the fullname, email, and contactno parameters in user/registration.php. An...