OpenBao has an unspecified vulnerability (CNVD-2025-18600)
OpenBao is an open source sensitive data management software from OpenBao. A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which can be exploited by attackers to cause information leakage...
GNU libcdio csp_usart_open function buffer overflow vulnerability
GNU libcdio is a library from the American GNU community for CD-ROM and CD image access. A buffer overflow vulnerability exists in GNU libcdio version 2.0, which stems from a failure of the csp_usart_open function to properly validate the length of the input data, and can be exploited by an attacker t...
Adobe InCopy Heap Buffer Overflow Vulnerability (CNVD-2025-18931)
Adobe InCopy is a text editing software for creative writing from the American company Adobe. Adobe InCopy suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause a buffer overflow that can be used to execute arbitrary code on the system or cause th...
Google Chrome Race Condition Vulnerability (CNVD-2025-24504)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a race condition vulnerability that is due to a race condition in V8. An attacker can exploit this vulnerability to execute arbitrary code on the system...
Huawei EnzoH-W5611T OS Command Injection Vulnerability
Founded in 1987 and headquartered in Shenzhen, Guangdong Province, China, Huawei is a leading global provider of ICT (information and communications technology) infrastructure and smart terminals, with operations in more than 170 countries and regions and serving more than 3 billion people worldwid...
Adobe InDesign Desktop Out-of-Bounds Write Vulnerability (CNVD-2025-19248)
Adobe InDesign Desktop is a desktop publishing (DTP) application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. Adobe InDesign Desktop suffers from an out-of-bounds write...
Adobe InDesign Desktop Buffer Overflow Vulnerability (CNVD-2025-19245)
Adobe InDesign Desktop is a desktop publishing (DTP) application developed by Adobe, mainly used for typographic editing of printed materials, supporting the creation of books, magazines, posters, flyers and other printed materials. A buffer overflow vulnerability exists in Adobe InDesign Desktop,...
Google Chrome Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome, which can be exploited by remote attackers to perform out-of-bounds memory access via a crafted HTML page...
Tenda AC20 Stack Buffer Overflow Vulnerability (CNVD-2026-00674)
The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a stack buffer overflow vulnerability that originates from a misuse of the parameter rebootTime in the file /goform/SetSysAutoRebbotCfg, which can be exploited by an attacker to cause a stack buffer...
Unspecified Vulnerability in Mattermost Confluence Plugin
Mattermost Confluence Plugin is a plugin from the American company Mattermost. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause information leakage...
Unspecified Vulnerability in Mattermost Confluence Plugin (CNVD-2025-21448)
Mattermost Confluence Plugin is a plugin from the American company Mattermost. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the creation of channel subscriptions...
OpenBao Code Injection Vulnerability
OpenBao is an open source sensitive data management software from OpenBao. A code injection vulnerability exists in OpenBao 2.3.1 and earlier versions that can be exploited by attackers to cause unauthorized code execution and network access...
Microsoft GitHub Copilot Remote Code Execution Vulnerability
GitHub Copilot is an AI-driven code assistant developed by Microsoft, widely used in Visual Studio Code, Visual Studio and other development environments, providing intelligent code completion and generation services for millions of developers worldwide. Microsoft GitHub Copilot remote code...
NVIDIA Triton Inference Server Code Execution Vulnerability
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A code execution vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to execute arbitrary code, cau...
NVIDIA Triton Inference Server Integer Overflow Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An integer...
NVIDIA Triton Inference Server Stack Overflow Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. A stack overflow...
NVIDIA Triton Inference Server Denial of Service Vulnerability (CNVD-2025-20009)
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A denial of service vulnerability exists in NVIDIA Triton Inference Server, which stems from an invalid request that could result in a...
Apple macOS Sequoia code execution vulnerability (CNVD-2025-19511)
Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia suffers from a code execution vulnerability that is caused by an error in the model I/O component when opening a specially crafted file. An attacker can exploit the vulnerability to execute...
Apple macOS Sequoia code execution vulnerability
Apple macOS Sequoia is an operating system from the American company Apple. A code execution vulnerability exists in Apple macOS Sequoia, which is caused by an error in the model I/O component when opening a specially crafted file, and can be exploited by an attacker to execute arbitrar...
NVIDIA Triton Inference Server Integer Overflow Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An integer...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2025-18592)
IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A stored cross-site scripting (XSS) vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 25.0.0.8, whic...
NVIDIA Triton Inference Server Code Execution Vulnerability (CNVD-2025-20011)
NVIDIA Triton Inference Server is open source software from NVIDIA that helps standardize model deployment and deliver fast and scalable AI in production. A code execution vulnerability exists in NVIDIA Triton Inference Server, which can be exploited by attackers to execute arbitrary code, cau...
NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An out-of-bounds...
NVIDIA Triton Inference Server Python Out-of-Bounds Read Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An out-of-bounds...
Dell SupportAssist OS Recovery Privilege Elevation Vulnerability
Dell SupportAssist OS Recovery is a recovery environment from the American company Dell that contains tools for diagnosing and resolving problems that may occur before the computer boots into the operating system. A security vulnerability exists in Dell SupportAssist OS Recovery Temporary File...
Apple macOS Sequoia code execution vulnerability (CNVD-2025-19510)
Apple macOS Sequoia is an operating system from the American company Apple. Apple macOS Sequoia suffers from a code execution vulnerability that is caused by an issue in the CoreMedia component when opening specially crafted files. An attacker can exploit the vulnerability to execute...
NVIDIA Triton Inference Server HTTP Service Input Validation Vulnerability
Triton Inference Server is a high-performance inference service engine developed by NVIDIA, designed for AI model deployment in production environments, with support for a variety of frameworks (TensorFlow, PyTorch, ONNX, etc.) and optimized inference performance for GPUs and CPUs. An input...
WordPress CleverReach SQL Injection Vulnerability
WordPress CleverReach is a cloud-based enterprise email marketing software that supports integration with WordPress, WooCommerce and other platforms, providing automated marketing, personalized email delivery, A/B testing and more. WordPress CleverReach suffers from a SQL injection vulnerability...
WordPress Element Pack Elementor Addons and Templates Cross-Site Scripting Vulnerability
WordPress Element Pack Elementor Addons and Templates is a powerful plugin for Elementor designed to simplify website design. A cross-site scripting vulnerability exists in WordPress Element Pack Elementor Addons and Templates, which stems from insufficient input sanitization and output escaping of th...
Dell RecoverPoint for Virtual Machines Weak File System Permissions Vulnerability
Dell RecoverPoint for Virtual Machines is Dell's disaster recovery solution for VMware virtual environments, designed to simplify data protection and disaster recovery processes for virtual machines and ensure business continuity. Dell RecoverPoint for Virtual Machines is vulnerable to a weak fil...
WordPress Reveal Listing Elevation of Privilege Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Reveal Listing suffers from an elevation of privilege vulnerability that stems from allowing users to set roles, which can be exploited by an attacker to tamper...
WordPress Zakra Unauthorized Modification Vulnerability
WordPress Zakra is a WordPress theme known for its power, compatibility and lightweight design, suitable for creating personal blogs, business websites, WooCommerce stores and more. WordPress Zakra suffers from an unauthorized modification vulnerability that stems from a missing...
WordPress Exclusive Addons For Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Exclusive Addons For Elementor, which stems from insufficient input sanitization and escaping, and can be exploited by a...
WordPress FileBird SQL Injection Vulnerability
WordPress FileBird is a media library management plugin designed for WordPress to help users efficiently organize and manage their media files by providing features such as an intuitive folder system, drag-and-drop operation, search function and batch upload. WordPress FileBird suffers from a SQL...
WordPress WPBakery Page Builder Cross-Site Scripting Vulnerability
WordPress WPBakery Page Builder is a visual page builder plugin for the WordPress platform that enables complex layout design through a drag-and-drop interface to create responsive web pages without writing code. WordPress WPBakery Page Builder suffers from a cross-site scripting vulnerability th...
WordPress Flex Guten Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Flex Guten, which stems from insufficient input sanitization and escaping, and can be exploited by an attacke...
WordPress Gutenverse Cross-Site Scripting Vulnerability
WordPress Gutenverse is a WordPress plugin designed for the Gutenberg editor to provide rich site building functionality. WordPress Gutenverse suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and escaping, which can be exploited by an attacker to inject...
WordPress esri-map-view cross-site scripting vulnerability
WordPress esri-map-view is used to embed Esri/ArcGIS maps or scenes in websites. The plugin displays maps through a shortcode, supports selecting a base map, setting the initial view angle, adding custom layers, pop-up information windows and other functions, and can embed preconfigured web maps o...
WordPress GiveWP Information Disclosure Vulnerability
WordPress GiveWP is an online donation plugin designed for WordPress websites, mainly used by non-profit organizations and individuals to accept online donations. WordPress GiveWP suffers from an information disclosure vulnerability that stems from information exposure, which can be exploited by ...
WordPress WP-Property plugin file upload vulnerability
WordPress WP-Property plugin is a real estate industry-specific plugin for the WordPress platform, which is mainly used to help users manage property listings, display listing information and attract potential customers. A file upload vulnerability exists in the WordPress WP-Property plugin, whic...
SQL Injection Vulnerability in Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.
Gansu Province Dangerous Goods Depot Monitoring Platform is a digital management system for real-time monitoring of dangerous goods storage and transportation. There is a SQL injection vulnerability in the Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.,...
Foxit Reader Plugin Buffer Overflow Vulnerability
Foxit Reader Plugin is a PDF reading plug-in from the U.S. company Foxit. A buffer overflow vulnerability exists in Foxit Reader Plugin version 2.2.1.530, which stems from incorrect handling of URL query strings and can be exploited by an attacker to cause a buffer overflow and arbitrary code execution...
WordPress WP Import Export Lite plugin missing file type validation vulnerability
WordPress WP Import Export Lite plugin is a free plugin for WordPress, mainly used for batch import and export website data. WordPress WP Import Export Lite plugin suffers from a missing file type validation vulnerability that can be exploited by attackers to cause arbitrary file uploads and remo...
OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24799)
OpenEXR is an open standard for high dynamic range (HDR) image file formats. A heap buffer overflow vulnerability exists in OpenEXR versions 3.3.0 through 3.3.2 when decompressing ZIPS-compressed deep scanline EXR files, which originates from an out-of-bounds write operation when processing...
OpenEXR has an unspecified vulnerability (CNVD-2025-24796)
OpenEXR is an open standard for high dynamic range (HDR) image file formats. A security vulnerability exists in OpenEXR version 3.3.2, which can be exploited by attackers to cause excessive memory allocation and performance degradation when processing malicious files...
TOTOLINK N600R Command Injection Vulnerability
TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz bands to work concurrently, with a maximum wireless transmission rate of up to 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that stems from the pin...
Bento4 Denial of Service Vulnerability (CNVD-2026-15392)
Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 suffers from a denial of service vulnerability caused by a flaw in the function AP4_DataBuffer::SetDataSize in the Mp4Decrypt file Mp4Decrypt.cpp. An attacker can exploit this vulnerability to cause a denial of service...
IBM Cloud Pak for Business Automation Licensing Issues Vulnerability
IBM Cloud Pak for Business Automation is an enterprise-class business process automation platform from IBM that provides intelligent document processing, workflow management and decision automation. A security vulnerability exists in IBM Cloud Pak for Business Automation that originates from a us...
Netgear SPH200D Directory Traversal Vulnerability
The Netgear SPH200D is a wireless Internet phone from the American company Netgear. The Netgear SPH200D suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a crafted URL request...
PDF-XChange Editor EMF Function Out-of-Bounds Read Vulnerability (CNVD-2025-21912)
PDF-XChange Editor is PDF file viewer software from the company PDF-XChange that runs on Microsoft Windows systems. An out-of-bounds read vulnerability exists in the PDF-XChange Editor EMF function, which can be exploited by an attacker to disclose sensitive information...