56 matches found
EUVD-2025-206734
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection.This issue affects Efficiency Management System: through 03022026. NOTE...
CVE-2025-4764
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...
Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper...
SQL Injection Vulnerability in DedeCMS of Shanghai Zhuozhuo Network Technology Company Limited (CNVD-2024-13237)
DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive informatio...
74cms Cross-Site Scripting Vulnerability (CNVD-2022-58890)
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...
74cms cross-site scripting vulnerability (CNVD-2022-58888)
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/account/safety/trade lack of data validation filtering of user-supplied data and output. An...
74cms SQL Injection Vulnerability (CNVD-2022-58381)
74cms is an online recruitment system based on PHP and MySQL by China Xunyi Technology Company. A SQL injection vulnerability exists in 74cmsSE v3.5.1, which originates from the lack of validation of externally entered SQL statements in the keyword parameter of /home/campus/campusjob. An attacker...
74cms Cross-Site Scripting Vulnerability (CNVD-2022-58893)
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cms version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /index/jobfairol/show/ lack of data validation filtering for user-supplied data and output. An attacker...
74cms cross-site scripting vulnerability (CNVD-2022-58891)
74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/viewbebrowsed/total missing data validation filters for user-supplied data and output. An...
GHSA-XX36-6RV4-GJ8R ecdsa-elixir fails to check signatures, vulnerable to message forging
Summary Stark Bank is a financial technology company that provides services to simplify and automate digital banking, by providing APIs to perform operations such as payments and transfers. In addition, Stark Bank maintains a number of cryptographic libraries to perform cryptographic signing and...
File Upload Vulnerability in Flash Flood Monitoring and Early Warning System of Siltronic Ltd (CNVD-2022-16624)
Siltronic Ltd. is a technology-based enterprise dedicated to the cause of disaster prevention and mitigation in China. A file upload vulnerability exists in the Flash Flood Monitoring and Early Warning System of Sicron Technology Co. Ltd, which can be exploited by attackers to gain control of the...
File Upload Vulnerability in Flash Flood Monitoring and Early Warning System of Siltronic Technology Limited (CNVD-2022-16623)
Siltronic Ltd. is a technology-based enterprise dedicated to the cause of disaster prevention and mitigation in China. A file upload vulnerability exists in the Flash Flood Monitoring and Early Warning System of Sicron Technology Co. Ltd, which can be exploited by attackers to gain control of the...
Weak Password Vulnerability in TamronOS IPTV System
TamronOS Tenglong.com was founded in 2008, is a professional technology company specializing in Linux routing, authentication billing, caching system, IPTV system, VOD system development. TamronOS IPTV system suffers from a weak password vulnerability, which can be exploited by an attacker to log...
SQL Injection Vulnerability in NVS3000 Integrated Video Surveillance Platform of Datang Telecom Technology Co. Ltd (CNVD-2021-45156)
Datang Telecom Technology Co., Ltd. is a provider of products and integrated solutions in the field of information and communications. A SQL injection vulnerability exists in Datang Telecom Technology Co., Ltd.'s NVS3000 Integrated Video Surveillance Platform, which can be exploited by attackers ...
Silicon Peak website builder system suffers from SQL injection vulnerability
Shaanxi Silicon Peak Network Technology Co., Ltd. is a high-end brand network company integrating "website design, software development, micro letter construction" and other informationization services. There is a SQL injection vulnerability in Silicon Peak's website builder system, which can be...
Weak Password Vulnerability in Solarsys Marketing Routing System of Beijing Oriental Gosun Information Technology Co.
Oriental Gosun is a leading Chinese technology company integrating hardware production and platform operation, focusing on commercial Wi-Fi and media services, developing and providing localized commercial Wi-Fi solutions. A weak password vulnerability exists in the Solarsys marketing routing...
Shenzhen Tengxu IOT Technology Co., Ltd. behavioral management system has SQL injection vulnerability
Shenzhen Tengxu IOT Technology Co., Ltd. was founded in August 2013, is a collection of commercial wireless network product research and development design, manufacturing, sales and service as one of the Internet technology companies. Shenzhen Tengfox IOT Technology Co., Ltd. behavioral managemen...
SQL Injection Vulnerability in the Website Building System of Bo.com Chasing New Technology (Beijing) Co.
Ltd. is a high-paying technology company dedicated to website construction. A SQL injection vulnerability exists in the website building system of Boonet Chase New Technology Beijing Co. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL injection vulnerability in the water information management platform of Shandong Weimicro Technology Co.(CNVD-2021-22467)
Shandong Weimicro Technology Co., Ltd. is a science and technology-oriented enterprise mainly engaged in technology research and development. Shandong Weimicro Technology Co., Ltd. water information management platform has a SQL injection vulnerability, which can be exploited by attackers to obta...
Haiyan Chuangyi Software Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-16391)
Haiyan Chuangyi Software Technology Co., Ltd. is a high-tech enterprise specializing in research and development, application and service in the field of computer information technology. Haiyan Chuangyi Software Technology Co., Ltd. has a SQL injection vulnerability in its website building system...