130931 matches found
DELL iDRAC Service Module Code Execution Vulnerability
The DELL iDRAC Service Module is a lightweight software service on Dell servers that is primarily used to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller) and improve server management efficiency by consolidating operating system information. A code execution vulnerability...
JetBrains IntelliJ IDEA Improper Access Control Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but it also supports Kotlin, Web, Spring and other languages and frameworks. JetBrains IntelliJ IDEA suffers from...
esri Portal for ArcGIS Enterprise Sites Cross-Site Scripting Vulnerability (CNVD-2025-21188)
esri Portal for ArcGIS Enterprise Sites is an enterprise-level geographic information sharing platform from ESRI that allows users within an organization to view, edit, and share geographic information through the portal. A cross-site scripting vulnerability exists in esri Portal for ArcGIS...
JetBrains TeamCity Injection Vulnerability
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an injection vulnerability that stems from SMTP injection allowing modification of email content, which can be...
JetBrains TeamCity Elevation of Privilege Vulnerability
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an elevation of privilege vulnerability that stems from incorrect directory ownership, and no details of the...
JetBrains IntelliJ IDEA HTML Injection Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but it also supports Kotlin, Web, Spring and other languages and frameworks. JetBrains IntelliJ IDEA suffers from...
DELL iDRAC Service Module Elevation of Privilege Vulnerability
The DELL iDRAC Service Module is a lightweight software service on Dell servers that is primarily used to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller) and improve server management efficiency by consolidating operating system information. An elevation of privilege...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a continuous integration/continuous deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...
Apartment Management System addfair.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements for parameter IDs in the /fair/addfair.php file. An attacker can exploit this...
Tenda M3 /goform/QuickIndex File Stack Buffer Overflow Vulnerability
Tenda M3 is a wireless controller (AC) from Tenda, aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the file /goform/QuickIndex function formQuickIndex parameter...
Mozilla Firefox for Android Information Disclosure Vulnerability (CNVD-2025-19560)
Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for Android prior to version 141, which originates from a sandboxed iframe without the allow-downloads attribute that can...
Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...
IBM Concert Software Excessive Data Exposure Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from an excessive data exposure vulnerability that...
D-Link DIR-619L Buffer Overflow Vulnerability
D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability, which originates from the nextPag...
Unspecified Vulnerability in Mozilla Firefox for Android (CNVD-2025-19561)
Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for Android prior to version 141, which stems from a blob:URI that may hide the true origin of a page and can be exploited by an attacke...
Lunary Cross-Site Scripting Vulnerability
Lunary is an open-source production toolkit for LLMs. A cross-site scripting vulnerability exists in Lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...
Multiple Mozilla Product Spoofing Vulnerabilities (CNVD-2025-26892)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is an extended support version of Firefox web browser. A spoofing vulnerability exists in several Mozilla products and is caused due to an error in the address bar component. An attacker coul...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-26893)
Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in multiple Mozilla products, which can be...
D-Link DIR-619L formWlanSetup function buffer overflow vulnerability
D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the fwdswepKe...
Tenda AC6 Authentication Bypass Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. The Tenda AC6 suffers from an authentication bypass vulnerability, which stems from a bypass problem in the...
Tenda AC6 saveParentControlInfo function buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the deviceName parameter in th...
Tenda AC15 fromSetIpMacBind Function Stack Buffer Overflow Vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 suffers from a stack buffer overflow vulnerability, which stems from the fromSetIpMacBind...
Mozilla Firefox for iOS Denial of Service Vulnerability (CNVD-2025-19565)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A denial of service vulnerability exists in Mozilla Firefox for iOS prior to version 142, which can be exploited by attackers to cause a denial of service...
Tenda AX3 fromAdvSetMacMtuWan Function Buffer Overflow Vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a buffer overflow vulnerability, which stems from the serverName parameter in the...
Tenda AX3 fromSetSysTime function buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports Wi-Fi6 802.11ax standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a buffer overflow vulnerability, which stems from the ntpServer parameter in the...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability (CNVD-2025-22953)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics China for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizin...
Mozilla Firefox Spoofing Vulnerability (CNVD-2025-19568)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A spoofing vulnerability exists in Mozilla Firefox versions prior to 142, which can be exploited by attackers to conduct spoofing attacks...
Mozilla Firefox for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19567)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header and can be exploited by an...
Mozilla Firefox for iOS Denial of Service Vulnerability (CNVD-2025-19566)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A denial of service vulnerability exists in Mozilla Firefox for iOS prior to version 142, which can be exploited by attackers to cause a denial of service...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19564)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which stems from a QR scanner that may allow arbitrary websites to be opened. An attacker could exploit the...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19563)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which can be exploited by attackers to open arbitrary website URLs or internal pages...
Mozilla Firefox for Android Security Bypass Vulnerability (CNVD-2025-19559)
Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for Android prior to version 141, which stems from improper truncation of URL display in the address bar and can be exploited by...
Mozilla Focus for iOS cross-site scripting vulnerability (CNVD-2025-19558)
Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in Mozilla Focus for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header, and can be exploited by an...
Mozilla Focus for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19557)
Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in Mozilla Focus for iOS versions prior to 142, which can be exploited by an attacker to execute arbitrary web script or HTML via injection of a...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-19508)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-19507)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-19506)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-19505)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-19504)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-19503)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-19502)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Tenda AC6 Denial of Service Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A denial of service vulnerability exists in the Tenda AC6, which originates from a problem with the HTTP...
Tenda AC6 fromSetSysTime function buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the time parameter in the...
Tenda AC6 formSetMacFilterCfg function buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the macFilterType and deviceLi...
Tenda AC6 formSetCfm function buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from the formSetCfm function failin...
D-Link DIR-619L formSysCmd Function Buffer Overflow Vulnerability
D-Link DIR-619L is a home wireless router from D-Link, designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the submit-ur...
TOTOLINK A3002R bupload.html component command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics (TOTOLINK), whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the bupload.html...
TOTOLINK A702R Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics (TOTOLINK), mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter desc failing to properly validate the lengt...
Online Course Registration sesssion parameter SQL injection vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter sesssion. An attacker can exploit this vulnerability to execute...
Apache Log4cxx Input Validation Error Vulnerability (CNVD-2025-20868)
Apache Log4cxx is a C++ logging framework from the Apache Foundation in the United States, patterned on Apache log4j. An input validation error vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from JSONLayout not properly escaping all payload bytes, and can be exploited...