Huawei HarmonyOS kernel file system module Competitive Condition Vulnerability Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS kernel file system module, which can be exploited by attackers to affect availability...

Kenwood DMX958XR JKWifiService Function OS Command Injection Vulnerability

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. An operating system command injection vulnerability exists in the Kenwood DMX958XR JKWifiService function, which can be exploited by an attacker to execute code in a root context...

Huawei HarmonyOS and EMUI out-of-bounds access vulnerability (CNVD-2025-22608)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. An out-of-bounds access vulnerability exists in Huawei...

Adobe Substance3D Modeler Out-of-Bounds Read Vulnerability (CNVD-2025-19224)

Adobe Substance3D Modeler is the core tool in the Adobe Substance 3D series of software, designed for 3D modeling, supporting digital clay sculpting, symmetry tools, automated UV management, and other features for seamless switching across computer VR environments. Adobe Substance3D Modeler suffe...

Huawei HarmonyOS skia module out-of-bounds write vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei HarmonyOS skia module, which can be exploited by an attacker to compromise confidentiality...

Unspecified Vulnerability in Emby MediaBrowser (CNVD-2025-19598)

Emby MediaBrowser is a media server software from Emby. A security vulnerability exists in Emby MediaBrowser, which can be exploited by an attacker to bypass authorization via a user control key...

NVIDIA Triton Inference Server Denial of Service Vulnerability (CNVD-2025-20007)

NVIDIA Triton Inference Server is an open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. NVIDIA Triton Inference Server has a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...

Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20292)

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...

Adobe Substance3D Painter Out-of-Bounds Read Vulnerability (CNVD-2025-19236)

Adobe Substance3D Painter provides real-time 3D texture painting with intelligent material system and physical rendering viewport, supporting 8K resolution material output. An out-of-bounds read vulnerability exists in Adobe Substance3D Painter, which can be exploited by attackers to cause...

Adobe InDesign Desktop Uninitialized Pointer Vulnerability

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from an uninitialized pointer vulnerability that can be exploit...

Adobe InDesign Desktop Out-of-Bounds Write Vulnerability (CNVD-2025-19246)

Adobe InDesign Desktop is a desktop publishing DTP application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. Adobe InDesign Desktop suffers from an out-of-bounds write...

Microsoft Word Information Disclosure Vulnerability (CNVD-2025-18825)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word, which is caused due to a buffer over-read error. An attacker could exploit the vulnerability to obtain sensitive information...

Open5GS has an unspecified vulnerability (CNVD-2025-18543)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a security vulnerability that can be exploited by an attacker to cause local manipulation...

Adobe InCopy Heap Buffer Overflow Vulnerability (CNVD-2025-18933)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...

Microsoft Office Code Execution Vulnerability (CNVD-2025-21408)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which is caused due to a post-release usage...

TRENDnet TEW-822DRE Elevation of Privilege Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...

Microsoft Windows Routing and Remote Access Service Remote Code Execution Vulnerability (CNVD-2026-11810)

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft USA that is used to implement features such as network routing, virtual private networks VPNs and dial-up connections. A remote code execution vulnerability exists in Microsoft Windows Routing and Remote Acces...

Adobe InCopy Out-of-Bounds Write Vulnerability (CNVD-2025-18936)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code on the system or cause the application to crash...

WordPress Elementor Plugin Arbitrary File Read Vulnerability

WordPress Elementor Plugin is a visual page design plugin that allows users to create professional web pages with drag-and-drop modules and a visual editor without writing code. WordPress Elementor Plugin suffers from an arbitrary file read vulnerability that stems from the program failing to...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18822)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel that is caused by a heap buffer overflow when opening a specially crafted file. An attacker can exploit this vulnerability to execute arbitrary cod...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18819)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused due to an error when opening a specially crafted file. An attacker could exploit this vulnerability to execute arbitrary code on t...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18821)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused due to a type confusion error when opening a specially crafted file. An attacker could exploit this vulnerability to execute...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18823)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which is caused by free use when opening specially crafted files. An attacker can exploit the vulnerability to execute arbitrary code on the syste...

Microsoft Excel Code Execution Vulnerability (CNVD-2025-18820)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel that is caused by a heap buffer overflow when opening a specially crafted file. An attacker can exploit this vulnerability to execute arbitrary cod...

WordPress CBX Restaurant Booking plugin cross-site request forgery attack vulnerability

WordPress CBX Restaurant Booking plugin is a restaurant booking plugin for WordPress websites that allows users to book restaurant seats online. The plugin supports online booking, instant confirmation, personalized notifications and other features that automate the booking process and reduce...

Belkin F9K1009 and Belkin F9K1010 Hardcoded Credential Vulnerabilities

The Belkin F9K1009 and Belkin F9K1010 are both a wireless router from Belkin Canada. The Belkin F9K1009 and Belkin F9K1010 have a hard-coded credential vulnerability that can be exploited by an attacker to gain access to the devices...

Open5GS Denial of Service Vulnerability (CNVD-2025-18547)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service via the function smfstateoperational parameter...

Adobe InCopy Memory Misreference Vulnerability (CNVD-2025-18938)

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe InCopy, which can be exploited by an attacker to execute code on the system or cause the application to crash...

Open5GS Denial of Service Vulnerability (CNVD-2025-18546)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service via the function esmhandlepdnconnectivityrequest...

Adobe InDesign Desktop Post-Release Reuse Vulnerability (CNVD-2025-19767)

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from a post-release reuse vulnerability that can be exploited b...

Adobe InDesign Desktop Post-Release Reuse Vulnerability

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from a post-release reuse vulnerability that can be exploited b...

Adobe InDesign Desktop Post-Release Reuse Vulnerability (CNVD-2025-19766)

Adobe InDesign Desktop is desktop publishing DTP software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from a post-release reuse vulnerability that can be exploited b...

OpenBao suffers from an unspecified vulnerability (CNVD-2025-18606)

OpenBao is OpenBao open source a sensitive data management software . A security vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by an attacker to cause bypassing of internal rate limiting and reuse of existing MFA code...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21461)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of channel subscriptions...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21460)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21459)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause an edit channel subscription...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21458)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of subscriptions...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21457)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21456)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause access to subscription details...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21455)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause access to subscription details...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21454)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21453)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause unauthorized channel subscriptions...

Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21452)

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...

Microsoft Windows File Explorer Spoofing Vulnerability

Microsoft Windows File Explorer is a file manager application from Microsoft USA. A spoofing vulnerability exists in Microsoft Windows File Explorer that is caused by the exposure of sensitive information to unauthorized participants in File Explorer. An attacker could exploit the vulnerability t...

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability (CNVD-2025-23049)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android, which can be exploited by attackers to conduct spoofing attacks when visiting specially crafted websites...

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability (CNVD-2025-23048)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based for Android. An attacker can exploit this vulnerability to conduct spoofing attacks when visiting specially crafted websit...

Huawei EnzoH OS Command Injection Vulnerability (CNVD-2025-23594)

Huawei EnzoH is a wireless access device from Huawei China. Huawei EnzoH suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...

Huawei EnzoH OS Command Injection Vulnerability

Huawei EnzoH is a wireless access device from Huawei China. Huawei EnzoH suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary command execution...

IBM WebSphere Application Server Liberty Resource Management Error Vulnerability

IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A denial of service vulnerability exists in IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8, which stems from t...

WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin cross-site scripting vulnerability

WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin mainly provides the function of embedding interactive maps in the page, supporting customized locations, map styles, marker points and so on. The WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin suffers...