PDF-XChange Editor EMF Function Out-of-Bounds Read Vulnerability
PDF-XChange Editor is a PDF file viewer from PDF-XChange that runs on Microsoft Windows systems. An out-of-bounds read vulnerability exists in the PDF-XChange Editor EMF feature, which can be exploited by an attacker to disclose sensitive information...
Delta Electronics DIAView Directory Traversal Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A directory traversal vulnerability exists in Delta Electronics DIAView, which stems from a lack of validity checking of paths used by the program to process directory requests, and can be exploited by...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22717)
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22716)
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to potentially cause arbitrary...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22718)
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...
DELL Enterprise SONiC OS Encryption Key Vulnerability
DELL Enterprise SONiC OS is an open source network operating system developed by Dell and designed for data center and cloud computing scenarios. DELL Enterprise SONiC OS has a cryptographic key vulnerability in SSH, which can be exploite...
IBM Engineering Lifecycle Optimization Publishing Cross-Site Scripting Vulnerability
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...
D-Link DIR-600 Command Injection Vulnerability
The D-Link DIR-600 is a wireless router from China's D-Link. A command injection vulnerability exists in the D-Link DIR-600 rev B version 2.14b01, which stems from improper handling of the cmd parameter and can be exploited by an attacker to potentially cause command injection...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18562)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Netgear DGN2200B Code Execution Vulnerability
The Netgear DGN2200B is a wireless router from Netgear USA. A code execution vulnerability exists in Netgear DGN2200B 1.0.0.36 and earlier versions, which stems from insufficient sanitization of input to the pppoe.cgi endpoint, and can be exploited by an attacker to potentially cause remote code execution...
Netgear DGN1000B Code Execution Vulnerability
The Netgear DGN1000B is a wireless router from the American company Netgear. A code execution vulnerability exists in the Netgear DGN1000B versions 1.1.00.24 and 1.1.00.45, which stems from insufficient sanitization of input to the setup.cgi endpoint, and can be exploited by an attacker to potentially cause...
D-Link DIR-615H1 Command Injection Vulnerability
The D-Link DIR-615H1 is a wireless router from China's D-Link. The D-Link DIR-615H1 suffers from a command injection vulnerability, which stems from insufficient sanitization of input to the toolsvct.htm endpoint and can be exploited by an attacker to cause remote code execution...
Dell Unity Cross-Site Scripting Vulnerability (CNVD-2025-18244)
Dell Unity is a set of virtual Unity storage environments from Dell USA. A cross-site scripting vulnerability exists in Dell Unity 5.5 and earlier versions, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to...
Dell Unity svc_nas Utility OS Command Injection Vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. An operating system command injection vulnerability exists in Dell Unity 5.5 and prior versions, which stems from the svc_nas utility program failing to properly filter special characters, commands, etc. used in constructing commands. An...
WordPress WP Import Export Lite plugin Arbitrary File Upload Vulnerability
WordPress WP Import Export Lite plugin is the official WordPress recommended import and export plugin that supports batch processing of site data, including posts, pages, taxonomies, comments and user data, etc. It supports a variety of file formats such as CSV, JSON, XML and so on. WordPress WP...
WordPress WP Easy Contact plugin cross-site scripting vulnerability
WordPress WP Easy Contact plugin is mainly used to manage a website's message function, letting users submit messages and sending them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...
WordPress Employee Directory plugin cross-site scripting vulnerability
WordPress Employee Directory plugin is specially designed for WordPress websites to create and manage employee profile directories. The WordPress Employee Directory plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping ...
Google Chrome Cross-Site Scripting Vulnerability (CNVD-2025-18922)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a cross-site scripting vulnerability that stems from an improperly implemented extension. An attacker can exploit the vulnerability to disclose cross-domain data using a constructed HTML page...
Google Chrome Input Validation Error Vulnerability
Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from an input validation error vulnerability that stems from...
Google Android TV has an unspecified vulnerability
Google Android TV is a television operating system from the American company Google. Google Android TV suffers from a security vulnerability that can be exploited by an attacker and may result in arbitrary activity being initiated...
Adobe Experience Manager Code Execution Vulnerability
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. A code execution vulnerability exists in Adobe Experience Manag...
Adobe Experience Manager XML Entity Injection Vulnerability (CNVD-2025-21172)
Adobe Experience Manager is a content management solution from Adobe designed to help organizations efficiently create, manage and deliver cross-channel content while integrating business solutions to enhance the customer experience. Adobe Experience Manager suffers from an XML entity injection...
Dell Digital Delivery Information Disclosure Vulnerability
Dell Digital Delivery is a digital software delivery service offered by Dell that allows users to shop for and automatically download and install paid software (e.g., Microsoft Office, Photoshop, etc.) in tandem with the purchase of a Dell computer. An information disclosure vulnerability exists in...
Dell Unity OS Command Injection Vulnerability
Dell Unity is a mid-range hybrid flash storage platform from Dell that supports a wide range of workloads, including files and data blocks, and offers flexible deployment options and modern management capabilities. Dell Unity suffers from an operating system command injection vulnerability that c...
Dell PowerProtect Data Domain Operating System Command Injection Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to execute arbitrary commands...
Dell Unity svc_nfssupport utility OS command injection vulnerability
Dell Unity is a set of virtual Unity storage environments from Dell USA. An operating system command injection vulnerability exists in Dell Unity 5.5 and prior versions, which stems from the svc_nfssupport utility failing to properly filter special characters, commands, etc. used in constructing commands. An...
OpenEXR code issue vulnerability (CNVD-2025-24797)
OpenEXR is a high dynamic range image file format designed for the movie industry. A null pointer dereference vulnerability exists in OpenEXR version 3.3.2 when reading a deep scanline image containing a large number of sample points in reduceMemory mode, which stems from a null pointer exception...
OpenEXR Buffer Overflow Vulnerability (CNVD-2025-24798)
OpenEXR is an open standard for high dynamic range (HDR) image file formats. A buffer overflow vulnerability exists in OpenEXR version 3.3.2, which stems from incorrect pointer arithmetic leading to an out-of-bounds read operation when decompressing a DWAA compressed scanline EXR file with...
WordPress Customer Reviews for WooCommerce plugin cross-site scripting vulnerability
WordPress Customer Reviews for WooCommerce plugin is mainly used to enhance the customer reviews feature of the WooCommerce platform to boost store conversions and user trust through automated alerts, multi-language support and social proof. A cross-site scripting vulnerability exists in the...
Logic Flaw Vulnerability in Founder's All-Media News Gathering and Editing System of Beijing Beifang Founder Electronics Co.
Beijing Beifang Founder Electronics Co., Ltd. covers the fields of printing, font, media publishing and big data, providing inkjet printing equipment, digital publishing technology and media convergence solutions. A logic flaw vulnerability exists in Beijing Beifang Founder Electronics Co., Ltd.'...
Alpine iLX-507 Stack Buffer Overflow Vulnerability (CNVD-2025-20813)
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the root context...
WordPress BerqWP plugin file upload vulnerability
WordPress BerqWP plugin is an automated performance optimization plugin for the WordPress platform, which is mainly used to improve website loading speed, Core Web Vitals score and search engine ranking. A file upload vulnerability exists in the WordPress BerqWP plugin, which stems from a missing...
Online Medicine Guide cussignup.php File SQL Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter uname in the file /cussignup.php. The vulnerability can be exploited to execute illegal S...
Online Admission System SQL Injection Vulnerability
Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /adminac.php. An attacker can exploit this vulnerability to...
Online Medicine Guide login.php File SQL Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. The vulnerability can be exploited by an attacker to execute...
Vehicle Management addvehicle.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter vehicle in the file /addvehicle.php. An attacker can exploit this vulnerability to execute...
Vehicle Management /filter.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter from in the file /filter.php. An attacker can exploit this vulnerability to execute illegal...
Vehicle Management /filter1.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter vehicle in file /filter1.php. An attacker can exploit this vulnerability to execute illegal...
Vehicle Management filter2.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter from in the file /filter2.php. An attacker can exploit this vulnerability to execute illega...
Exam Form Submission update_s7.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter credits in the file /admin/update_s7.php. An attacker can exploit this vulnerability to execute illegal SQL...
Wazifa System postpublish.php File SQL Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter post in the file /controllers/postpublish.php against externally entered SQL statements. An attacker can exploit this vulnerability t...
Wazifa System updatesettings.php file SQL injection vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...
WordPress GiveWP plugin cross-site scripting vulnerability
WordPress GiveWP plugin is an open source online donation system plugin, mainly used to help the website to realize the online fundraising function. WordPress GiveWP plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...
Alpine iLX-507 UPDM_wstpCBCUpdStart Function OS Command Injection Vulnerability
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 UPDM_wstpCBCUpdStart function suffers from an operating system command injection vulnerability that stems from the failure of the UPDM_wstpCBCUpdStart function to correctly filter constructed command special characters,...
Alpine iLX-507 Stack Buffer Overflow Vulnerability (CNVD-2025-20810)
The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...
WordPress HT Mega plugin path traversal vulnerability
WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A path traversal vulnerability exists in the WordPress HT Mega...
Vehicle Management updatebal.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /updatebal.php. An attacker can exploit this vulnerability to execute...
WordPress The Plus Addons for Elementor plugin cross-site scripting vulnerability
WordPress The Plus Addons for Elementor plugin is a professional extension plugin for Elementor page builder that provides over 120 widgets and extensions with support for WooCommerce store builder, Mega menu, popups and other advanced features. WordPress The Plus Addons for Elementor plugin...
WordPress SureForms plugin cross-site scripting vulnerability
WordPress SureForms plugin is a visual form builder plugin designed for WordPress that supports drag-and-drop operation, so users with no programming background can quickly build responsive forms. WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...
WordPress Stratum plugin cross-site scripting vulnerability
WordPress Stratum plugin is a third-party extension plugin that is mainly used to enhance page building functionality. It offers 20+ free business-oriented extension components that support automatic adaptation of the current theme's visual style while keeping the site running efficiently...