130931 matches found
Online Appointment Booking System addmanagerclinic.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/addmanagerclinic.php...
WordPress Traveler plugin SQL Injection Vulnerability
WordPress Traveler plugin is a WordPress plugin designed for the travel industry, mainly used to create travel and trekking websites, with support for online booking, itinerary management and other features. WordPress Traveler plugin suffers from a SQL injection vulnerability that stems from the...
WeGIA SQL Injection Vulnerability (CNVD-2025-17261)
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...
Church Donation System update_password_admin.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter newpassword in the file /members/updatepasswordadmin.php against an externally entered SQL statement. An...
Church Donation System /login_admin.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter Username in the file /members/loginadmin.php. An attacker can exploit this...
Emby Windows File Upload Vulnerability
Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. A file upload vulnerability exists in Emby Windows that stems from an unrestricted upload of a dangerous type of file. The vulnerability can be exploited to...
Emby Windows Server-Side Request Forgery Vulnerability
Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. Emby Windows suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to...
TOTOLINK T6 Buffer Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK, which supports MQTT protocol and Telnet service, and is mainly used for home and small business networking. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the failure of parameter s in the MQTT...
Denial of Service Vulnerability in Multiple Mozilla Products (CNVD-2025-20067)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in several Mozilla products,...
MB CONNECT LINE mbNET.mini OS Command Injection Vulnerability (CNVD-2025-21143)
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from an operating system command injection vulnerability that stems from improper...
TOTOLINK N350RT Buffer Overflow Vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK N350RT version V9.3.5u.6139B20201216, which stems from the ePort parameter failing to correctly validate the length and size of the input data, and can be...
TOTOLINK T6 Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. TOTOLINK T6 suffers from a command injection vulnerability that originates from the function ckeckKeepAlive in the file wireless.so failing to properly filter...
WeGIA SQL Injection Vulnerability (CNVD-2025-17265)
WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarInfoPessoal.php endpoint...
WeGIA SQL Injection Vulnerability (CNVD-2025-17263)
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarDoc.php endpoint idatendidofamiliares parameter. An attacker could exploit...
WeGIA SQL Injection Vulnerability (CNVD-2025-17269)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/saude/profilepaciente.php endpoint idfuncionario parameter. An attacker could exploit this vulnerability...
Online Ordering System edit_product.php File Upload Vulnerability
Online Ordering System is an online ordering system. A file upload vulnerability exists in Online Ordering System that stems from a lack of effective validation of uploaded files for the parameter image in the file /admin/editproduct.php. No details of the vulnerability are available at this time...
D-Link DI-8100 Buffer Overflow Vulnerability
The D-Link DI-8100 is a broadband router from D-Link designed for small to medium-sized network environments. It supports 4 Internet ports and 4 LAN ports, and utilizes a network-specific processor to meet the needs of 80 devices for simultaneous networking. The D-Link DI-8100 suffers from a buff...
Tenda FH451 formSafeEmailFilter Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length of the input data for the parameter page in the file /goform/SafeEmailFilter, which can be...
Tenda FH451 formSafeUrlFilter Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length of input data for the parameter Go/page in the file /goform/SafeUrlFilter, which could be exploit...
Tenda FH451 formPPTPDClient Function Buffer Overflow Vulnerability
Tenda FH451 is a single-band 2.4GHz SOHO wireless router launched by China Tenda, with a maximum transmission rate of 450Mbps, belonging to the series of products of the King of Wall Penetration. The Tenda FH451 suffers from a buffer overflow vulnerability, which originates from the parameter...
Online Security Guards Hiring System Cross-Site Scripting Vulnerability
Online Security Guards Hiring System is an online security guard hiring system. Online Security Guards Hiring System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17254)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the precadastroatendido.php endpoint, for which no vulnerability details are currently available...
Tenda FH451 formP2pListFilter Function Buffer Overflow Vulnerability
Tenda FH451 is a single-band 2.4GHz SOHO wireless router launched by China Tenda, with a maximum transmission rate of 450Mbps, belonging to the series of products of the King of Wall Penetration. Tenda FH451 has a buffer overflow vulnerability that stems from the parameter page in t...
Tenda FH451 formNatStaticSetting Function Buffer Overflow Vulnerability
Tenda FH451 is a single-band 2.4GHz SOHO wireless router launched by China Tenda, with a maximum transmission rate of 450Mbps, belonging to the series of products of the King of Wall Penetration. Tenda FH451 has a buffer overflow vulnerability that stems from the parameter page in t...
Tenda FH451 formwebtypelibrary Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability, which originates from the parameter webSiteId in the file /goform/webtypelibrary that fails to correctly validate the length of the input data, which can be...
Art Gallery Management System edit-art-medium-detail.php File Cross-Site Scripting Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System has a cross-site scripting vulnerability that stems from the artmed parameter of the /admin/edit-art-medium-detail.php file, where user-supplied data lacks effective filtering and escapin...
Church Donation System reg.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter mobile in the file /reg.php. An attacker can exploit this vulnerability to execut...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17025)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current process...
Apartment Visitors Management System visitor-detail.php File Cross-Site Scripting Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter visname in the file...
Church Donation System offering.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter trcode in the file /members/offering.php. An attacker can exploit this...
Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
Cisco Unified Intelligence Center is a web-based reporting platform from the US company Cisco. The platform provides reports related to business data and call center data presentation capabilities. A server-side request forgery vulnerability exists in Cisco Unified Intelligence...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17257)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the nome parameter of the adicionarenfermidade.php endpoint; no details of the vulnerability are provided at thi...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17260)
WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the cpf parameter of the cadastroadotante.php endpoint; no details ...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17267)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the id parameter of the personalizacaoselecao.php endpoint; no details of the vulnerability are provided at this...
WeGIA Access Control Error Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA has an access control error vulnerability that can be exploited by an attacker to cause an unauthenticated user to access protected functionality...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17262)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the descricaoemergencia parameter of the control.php endpoint, for which no vulnerability details are...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-17110)
Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17259)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the raca parameter of the adicionarraca.php endpoint; no details of the vulnerability are provided at this time...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17258)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the especie parameter of the adicionarespecie.php endpoint; no details of the vulnerability are provided at this...
WordPress Funnel Builder by FunnelKit plugin SQL Injection Vulnerability
WordPress Funnel Builder by FunnelKit plugin is a professional sales funnel builder plugin for WordPress platform, which is mainly used to optimize the WooCommerce shopping process and increase the conversion rate. The WordPress Funnel Builder by FunnelKit plugin suffers from a SQL injection...
Church Donation System search.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter Username in the file /members/search.php for externally entered SQL statements. An attacker can exploit this...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17024)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
Simopro Technology WinMatrix3 Cross-Site Scripting Vulnerability
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a cross-site scripting vulnerability that stems from the application's lack of...
Simopro Technology WinMatrix3 File Upload Vulnerability
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. A file upload vulnerability exists in Simopro Technology WinMatrix3, which stems from the application's lack of validation of...
Simopro Technology WinMatrix3 Deserialization Vulnerability
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a deserialization vulnerability that arises from unsafe deserialization of serialize...
Simopro Technology WinMatrix3 SQL Injection Vulnerability
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that stems from the application's lack of validation o...
MB CONNECT LINE mbNET.mini Operating System Command Injection Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from an operating system command injection vulnerability that stems from improper...
MB CONNECT LINE mbNET.mini Resource Management Error Vulnerability (CNVD-2025-21146)
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A resource management error vulnerability exists in MB CONNECT LINE mbNET.mini that originates from exhausting critical...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17026)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...
Unspecified vulnerability in Netgear RAX30 (CNVD-2025-16868)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in Netgear RAX30 version V1.0.10.94, which can be exploited by an attacker to potentially cause remote code execution...