ImageMagick Input Validation Error Vulnerability (CNVD-2025-19250)
ImageMagick is an open source suite of image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from an input validation error vulnerability that stems from an insecure magnification size calculation in ReadOneMNGImage, whi...
DELL OpenManage Enterprise Information Disclosure Vulnerability
DELL OpenManage Enterprise is an enterprise-class systems management console from Dell designed to simplify IT infrastructure management and support centralized lifecycle management of PowerEdge servers, storage, network devices and third-party components. An information disclosure vulnerability...
ImageMagick Buffer Overflow Vulnerability (CNVD-2025-19249)
ImageMagick is an open source suite of image processing software that can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates from not handling reference values greater than 1024 during Log to sRGB...
Intel 700 Series Ethernet Input Validation Error Vulnerability
Intel 700 Series Ethernet is a family of high-performance Ethernet controllers from Intel Corporation. An input validation error vulnerability exists in Intel 700 Series Ethernet that stems from improper input validation; no further details are available at this time...
Travel Management System SQL Injection Vulnerability
Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter t1 in file /addcategory.php. An attacker can exploit this vulnerability to execute...
Medical Store Management System ChangePassword.java SQL Injection Vulnerability
Medical Store Management System is a pharmacy management system. The Medical Store Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter newPassTxt in the file ChangePassword.java. An attacker can...
Ivanti Avalanche Code Execution Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti for managing mobile devices such as smartphones and tablets. A code execution vulnerability exists in Ivanti Avalanche, which stems from an incomplete configuration restriction, and can be exploited by an attacker to...
Hospital Management System edit-doctor.php file SQL Injection Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter docfees in the file /admin/edit-doctor.php. An...
Intel Xeon Processors Elevation of Privilege Vulnerability
Intel Xeon Processors is a family of processors launched by Intel for the enterprise-class server, workstation, and high-performance computing (HPC) markets, mainly serving data centers, cloud computing, artificial intelligence, and other areas. Intel Xeon Processors is vulnerable to an elevation o...
WordPress plugin Bit Form builder code problem vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A file upload vulnerability exists in WordPress plugin Bit Form builder 2.20.4 and earlier versions, whi...
Adobe Animate Use-After-Free Vulnerability (CNVD-2025-20477)
Adobe Animate is a professional 2D animation software developed by Adobe, formerly known as Flash Professional, which supports HTML5, WebGL and other formats, and is widely used in game development, web design and interactive content creation. Adobe Animate suffers from a use-after-free...
Netis WF2880 FUN_00473154 Function Buffer Overflow Vulnerability
The Netis WF2880 is a wireless router from the Chinese company Netis. A buffer overflow vulnerability exists in the Netis WF2880 FUN_00473154 function, which can be exploited by an attacker to cause a denial of service...
Intel Xeon Processors Denial of Service Vulnerability
Intel Xeon Processors is a family of processors launched by Intel for the enterprise-class server, workstation, and high-performance computing (HPC) markets, mainly serving data centers, cloud computing, artificial intelligence, and other areas. A denial of service vulnerability exists in Intel Xeo...
Tenda AC20 Command Injection Vulnerability
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a command injection vulnerability that originates from the websFormDefine function in the /goform/telnet file failing to properly filter special characters, commands, and other elements used to construct commands. This...
Tenda AC20 Buffer Overflow Vulnerability (CNVD-2025-19583)
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of the parameter list of the setqosMiblist function in the /goform/SetNetControlList file to correctly validate the length of the input...
Tenda AC20 Buffer Overflow Vulnerability (CNVD-2025-19582)
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of the sub46A2AC function parameter deviceList in the /goform/setMacFilterCfg file to properly validate the length of the input data,...
Netis WF2880 FUN_00475e1c Function Buffer Overflow Vulnerability
The Netis WF2880 is a wireless router from the Chinese company Netis. A buffer overflow vulnerability exists in the Netis WF2880 FUN_00475e1c function, which can be exploited by an attacker to cause a denial of service...
Apache Tomcat Denial of Service Vulnerability (CNVD-2025-19106)
Apache Tomcat is a lightweight Web application server from the Apache Foundation of the United States that implements support for Servlet and JavaServer Page (JSP). Apache Tomcat suffers from a denial of service vulnerability due to a forced reset attack in the HTTP/2 implementation. An attacke...
WordPress B Blocks plugin cross-site scripting vulnerability
WordPress B Blocks plugin is a Gutenberg plugin for WordPress, mainly used to enhance page editing features. It provides a variety of beautiful blocks such as buttons and sliders, supports a high degree of design customization such as fonts, colors and spacing, and includes...
Intel AI Playground Improper Privilege Vulnerability
Intel AI Playground is an open source application based on AI acceleration technology launched by Intel, which is mainly used to lower the barrier to AI development, supporting features such as image generation, enhancement and chatbots. Intel AI Playground suffers from a privilege improprie...
WellChoose Organization Portal System SQL Injection Vulnerability
WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a SQL injection vulnerability that arises from the application's lack of validation of externally entered SQL statements. The...
IBM Concert Software Cross Domain Resource Sharing Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a cross-domain resource sharing vulnerability...
IBM Concert Software Improper Heap Memory Cleanup Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from an improper heap memory cleanup vulnerability...
IBM Concert Software Denial of Service Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A denial of service vulnerability exists in IBM Concert Software, which stems fr...
IBM Concert Software Trust Management Issues Vulnerabilities
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software has a trust management issue vulnerability that stems from...
Medical Store Management System UpdateMedicines.java File SQL Injection Vulnerability
Medical Store Management System is a pharmacy management system. Medical Store Management System suffers from a SQL injection vulnerability that originates from a misuse of the parameter productNameTxt in the file UpdateMedicines.java resulting in a SQL injection attack, which can be exploited by...
Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20289)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
Huawei HarmonyOS audio codec module array index improper validation vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. An improper array index validation vulnerability exists in the Huawei HarmonyOS audio codec module, which can be exploited by an attacker to cause audio...
Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20299)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
Adobe Substance3D Modeler Code Execution Vulnerability (CNVD-2025-19228)
Adobe Substance3D Modeler is the core tool in the Adobe Substance 3D series of software, designed for 3D modeling, supporting digital clay sculpting, symmetry tools, automated UV management, and other features for seamless switching across computer VR environments. Adobe Substance3D Modeler suffe...
Huawei HarmonyOS virtualization base module race condition vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS virtualization base module, which can be exploited by an attacker to compromise the...
Huawei HarmonyOS and EMUI Buffer Overflow Vulnerability (CNVD-2025-22612)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an Android-based operating system developed by Huawei. Huawei HarmonyOS and EMUI are vulnerable to a buffer...
Huawei HarmonyOS and EMUI out-of-bounds access vulnerability (CNVD-2025-22606)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an Android-based operating system developed by Huawei. An out-of-bounds access vulnerability exists in Huawei...
Huawei HarmonyOS Type Confusion Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a type confusion vulnerability that can be exploited by an attacker to cause location information attribute errors...
Huawei HarmonyOS and EMUI Incomplete Authentication Information Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an Android-based operating system developed by Huawei. An incomplete authentication information vulnerability...
Adobe Substance3D Modeler Out-of-Bounds Write Vulnerability
Adobe Substance3D Modeler is the core tool in the Adobe Substance 3D series of software, designed for 3D modeling, supporting digital clay sculpting, symmetry tools, automated UV management, and other features for seamless switching across computer VR environments. An out-of-bounds write...
NVIDIA Triton Inference Server Denial of Service Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A denial of service vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to cause segmentation error...
Huawei HarmonyOS audio codec module out-of-bounds access vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds access vulnerability exists in the Huawei HarmonyOS audio codec module, which can be exploited by an attacker to cause a usability impact...
Adobe FrameMaker Use-After-Free Vulnerability
Adobe FrameMaker is professional-grade technical document creation and layout software developed by Adobe, mainly used to handle complex long-form structured content such as technical manuals and aviation documents, with support for XML/DITA standards, multilingual publishing and cross-media...
Huawei HarmonyOS ability module untrusted data deserialization vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. An untrusted data deserialization vulnerability exists in the Huawei HarmonyOS ability module, which can be exploited by an attacker to cause availability to...
Huawei HarmonyOS ArkWeb Component Authentication Management Class Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. An authentication management class vulnerability exists in the Huawei HarmonyOS ArkWeb component, which can be exploited by an attacker to compromise...
Adobe Substance3D Viewer Heap Buffer Overflow Vulnerability (CNVD-2025-24440)
Adobe Substance3D Viewer is a stand-alone desktop application for viewing and editing 3D files from Adobe of the United States. Adobe Substance3D Viewer suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the context of the curre...
Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2025-20840)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an information disclosure vulnerability that can be exploited by an attacker to compromise confidentiality...
Huawei HarmonyOS and EMUI Buffer Overflow Vulnerability (CNVD-2025-22611)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an Android-based operating system developed by Huawei. A buffer overflow vulnerability exists in Huawei HarmonyO...
NVIDIA Triton Inference Server Buffer Overflow Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server suffers from a security vulnerability that stems from a send request that could result in an out-of-bounds...
Huawei HarmonyOS Iterator Failure Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Iterator Failure vulnerability that can be exploited by attackers to affect functional stability...
Medical Store Management System MainPanel.java File SQL Injection Vulnerability
Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...
Huawei HarmonyOS multimodalinput module unintended injection event vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. An unintended injection event vulnerability exists in the Huawei HarmonyOS multimodalinput module, which can be exploited by an attacker to cause availabilit...
Tigo Energy Cloud Connect Advanced Command Injection Vulnerability
The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy of the United States. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...
Huawei HarmonyOS Out-of-Bounds Read Vulnerability (CNVD-2025-22263)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a usability impact...