Doctor Appointment Management System Session Hijacking Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a session hijacking vulnerability that stems from the /doctor/change-password.php component not properly terminating a session. No details of the vulnerability are...
IBM Db2 for Linux Buffer Overflow Vulnerability
IBM Db2 for Linux is a relational database management system from IBM. A stack-based buffer overflow vulnerability exists in IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2, which stems from the db2fm component not adequately checking boundaries. A local user can exploit this vulnerability ...
NVIDIA Jetson AGX Orin and NVIDIA IGX Orin Input Validation Error Vulnerability
The NVIDIA Jetson AGX Orin and NVIDIA IGX Orin are both products of NVIDIA Corporation. The NVIDIA Jetson AGX Orin is a compact, powerful computer, and the NVIDIA IGX Orin is an industrial-grade edge AI platform that delivers high-performance, advanced functional security and information security...
Integer Overflow Vulnerability in Multiple VMware Products
VMware ESXi and others are products of VMware, Inc. VMware ESXi is an enterprise-grade Type-1 hypervisor developed by VMware, Inc. that can be installed and run directly on physical server hardware without relying on the underlying operating system for efficient creation and management of virtual...
JetBrains TeamCity elevation of privilege vulnerability (CNVD-2025-20489)
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an elevation of privilege vulnerability that stems from improperly set directory permissions. An attacker can exploit...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site scripting vulnerability that stems from the presence of reflected cross-site scripting on the...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a continuous integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from an hg pull command line parameter resulting in an exposed...
NETGEAR XR300 Stack Buffer Overflow Vulnerability (CNVD-2025-20496)
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint. No detai...
Online Course Registration Session Hijacking Vulnerability
Online Course Registration is an online course registration system. A session hijacking vulnerability exists in Online Course Registration, which stems from improper session expiration of the component /crm/change-password.php. No details of the vulnerability are available at this time...
TOTOLINK X6000R Command Injection Vulnerability
TOTOLINK X6000R is a WiFi 6 technology-enabled wireless router from China's Gion Electronics TOTOLINK with high concurrent connections and dual-band transmission. The TOTOLINK X6000R suffers from a command injection vulnerability that stems from not strictly filtering the tz parameter. No detailed...
HCL IEM Information Disclosure Vulnerability (CNVD-2025-20024)
HCL IEM is an intelligent event management platform from HCL India. HCL IEM suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
HCL IEM Information Disclosure Vulnerability (CNVD-2025-20021)
HCL IEM is an intelligent event management platform from HCL India. HCL IEM suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
HCL IEM Information Disclosure Vulnerability
HCL IEM is an intelligent event management platform from HCL India. HCL IEM suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
WordPress My Reservation System plugin cross-site scripting vulnerability
WordPress My Reservation System plugin is a booking system plugin based on the WordPress platform, which is mainly used for the development of online booking functions for hotels, B&Bs, villas and other accommodation scenarios. WordPress My Reservation System plugin suffers from a cross-site...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-18013)
IBM Db2 is a relational database management system from IBM that supports a variety of operating systems, including Linux. A denial of service vulnerability exists in IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2, which originates from executable segments waiting for each other to release...
Taxi Stand Management System admin/new-autoortaxi-entry-form.php file cross-site scripting vulnerability
Taxi Stand Management System is a cab stand management system. Taxi Stand Management System suffers from a cross-site scripting vulnerability that originates from improper handling of the registrationnumber/licensenumber parameter in the file /admin/new-autoortaxi-entry-form.php, for which ...
MedDream PACS Premium cecho.php Function Server-Side Request Forgery Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A server-side request forgery vulnerability exists in the MedDream PACS Premium cecho.php function. No details of the vulnerability are available at this time...
HCL IEM Information Disclosure Vulnerability (CNVD-2025-20023)
HCL IEM is an intelligent event management platform from HCL India. HCL IEM suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
WordPress muse.ai video embedding cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress muse.ai video embedding, which stems from insufficient input sanitization and output escaping, and can be exploited by a...
WordPress ebook store cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress ebook store, which stems from a lack of file type validation in the ebookstoresaveform function and can be exploite...
WordPress Dataverse Integration Missing Authorization Vulnerability
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a missing authorization vulnerability, which stems from a lack of authorization...
WordPress hiWeb Export Posts Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress hiWeb Export Posts, which stems from missing or incorrect nonce validation, and can be exploited by a...
Tenda AC8V4 Buffer Overflow Vulnerability (CNVD-2025-17345)
The Tenda AC8V4 is a wireless router from Tenda China. The Tenda AC8V4 suffers from a buffer overflow vulnerability that originates from a stack buffer overflow in the timeZone and timeType parameters in /goform/SetSysTimeCfg, which can be exploited by an attacker to crash the application...
Tenda AC8V4 Buffer Overflow Vulnerability (CNVD-2025-17346)
The Tenda AC8V4 is a wireless router from Tenda China. Tenda AC8V4 suffers from a buffer overflow vulnerability that originates from a stack buffer overflow in the time parameter in /goform/saveParentControlInfo. No details of the vulnerability are available at this time...
TOTOLINK X15 Buffer Overflow Vulnerability (CNVD-2025-17524)
TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. The TOTOLINK X15 suffers from a buffer...
GNU Binutils Resource Management Error Vulnerability
GNU Binutils is a binary toolset developed by the GNU Project to handle operations such as object files, assembly and linking. A memory leak vulnerability exists in GNU Binutils version 2.44, which originates from a processdebuginfo function handling exception in the binutils/dwarf.c file in the...
Online Ordering System user.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. Online Ordering System has a SQL injection vulnerability that originates from an unfiltered parameter un in the /admin/user.php file that allows manipulation of database queries. No details of the vulnerability are available at this time...
Tenda CH22 formdeleteUserName function buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the formdeleteUserName function in the /goform/deleteUserName file improperly handling the oldaccount parameter. An attacker can exploit this vulnerabilit...
GNU Binutils Buffer Overflow Vulnerability (CNVD-2025-18193)
GNU Binutils is a binary toolset developed by the GNU Project for working with object files and executables. A security vulnerability exists in GNU Binutils version 2.44, which stems from a bfdelfgetstrsection function handling exception in the bfd/elf.c component of the BFD library file. An...
TOTOLINK X15 devicemac1 parameter buffer overflow vulnerability
TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. A buffer overflow vulnerability exists in t...
TOTOLINK X15 formMapDelDevice File Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. A buffer overflow vulnerability exists in t...
TOTOLINK X15 Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK, mainly used to extend Wi-Fi coverage. The device supports Wi-Fi 6 technology and offers AX1500 wireless transmission rate for home and small office scenarios. The TOTOLINK X15 suffers from a buffer overflow...
Exam Form Submission dashboard.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the phone parameter in the /user/dashboard.php file not being securely filtered. No details of the vulnerability are available at this time...
D-Link DIR-513 formLanguageChange function buffer overflow vulnerability
D-Link DIR-513 is a portable wireless router that focuses on thin and light design and easy-to-use features, and supports IEEE 802.11n, 802.11g/b standards with a maximum transmission rate of 300Mbps. The D-Link DIR-513 suffers from a buffer overflow vulnerability that stems from improper handlin...
D-Link DIR-513 Buffer Overflow Vulnerability
D-Link DIR-513 is a portable wireless router that focuses on thin and light design and easy-to-use features, and supports IEEE 802.11n, 802.11g/b standards with a maximum transmission rate of 300Mbps. The D-Link DIR-513 suffers from a buffer overflow vulnerability that originates from improper...
TOTOLINK A702R Buffer Overflow Vulnerability (CNVD-2025-18346)
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from a flaw in the handling of the ip6addr parameter in the...
TOTOLINK A702R Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from improper handling of the mac parameter in the...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a wireless router model from China's Gion Electronics, with key features including dual-band 2.4GHz/5.8GHz network connectivity, up to 1200Mbps transfer rate, four 5dBi antennas, and a built-in firewall. A buffer overflow vulnerability exists in the TOTOLINK A702R, which...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a wireless router from TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A702R version 4.0.0B20230721.1521, which stems from improper handling of the submit-url parameter in the /boafrm/formWlanMultipleAP file in the HTTP POST request handling component. An attack...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30357)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that stems from insufficient input validation of form fields. An attacker can exploit this...
Tenda AC20 Buffer Overflow Vulnerability
Tenda AC20 is a dual-band wireless router with IPv6 protocol support, featuring a triple-core 1GHz main controller with six 6dBi external antennas and a maximum wireless transmission rate of 2033Mbps. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from improper handli...
Tenda AC20 Buffer Overflow Vulnerability
Tenda AC20 is a dual-band wireless router with IPv6 protocol support, featuring a triple-core 1GHz main controller with six 6dBi external antennas and a maximum wireless transmission rate of 2033Mbps. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from a flaw in the...
D-Link DI-8400 Null Pointer Dereference Vulnerability
D-Link DI-8400 is an Internet Behavior Management router from D-Link designed for medium to large enterprise network environments, supporting 360 users with parallel access and full Gigabit port configuration. The D-Link DI-8400 suffers from a null pointer dereference vulnerability that originate...
D-Link DIR-513 formSetWanL2TPcallback function buffer overflow vulnerability
D-Link DIR-513 is a portable wireless router that focuses on thin and light design and easy-to-use features, and supports IEEE 802.11n, 802.11g/b standards with a maximum transmission rate of 300Mbps. The D-Link DIR-513 suffers from a buffer overflow vulnerability that originates from the...
Tenda AC10 Buffer Overflow Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, which is mainly for 200M and above fiber optic users, supports Wi-Fi 5 technology standard, and provides dual-band concurrent transmission. The Tenda AC10 suffers from a buffer overflow...
Tenda AC18 Weak Password Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etcro/smb.conf file in the Samba component. No detailed...
FreeScout Helper::decrypt() function deserialization vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. FreeScout suffers from a deserialization vulnerability that stems from an application that...
WordPress Extensions For CF7 Plugin Path Traversal Vulnerability
WordPress Extensions For CF7 Plugin is a plugin that extends the functionality of Contact Form 7, mainly used to enhance the database management, conditional logic processing and user guidance capabilities of native forms. The WordPress Extensions For CF7 Plugin suffers from a path traversal...
WeGIA SQL Injection Vulnerability (CNVD-2025-17268)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/profiledependente.php endpoint iddependente parameter. An attacker could exploit this...
WeGIA SQL Injection Vulnerability (CNVD-2025-17264)
WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarEndereco.php endpoint...