Unspecified vulnerability in Netgear RAX30 (CNVD-2025-16868)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in Netgear RAX30 version V1.0.10.94, which can be exploited by an attacker to potentially cause remote code execution...
Unspecified Vulnerability in NETGEAR RAX30 (CNVD-2025-16867)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 version V1.0.10.943, which can be exploited by an attacker to potentially cause a denial of service attack...
Simopro Technology WinMatrix3 SQL Injection Vulnerability (CNVD-2025-20307)
Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a SQL injection vulnerability that can be exploited by a remote attacker to read the...
Apartment Visitors Management System bwdates-reports.php file cross-site scripting vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter visname in the file...
Fortinet FortiIsolator Access Control Error Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
Microsoft Azure Machine Learning elevation of privilege vulnerability (CNVD-2025-17135)
Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
Microsoft Azure DevOps Elevation of Privilege Vulnerability
Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
Microsoft Azure Machine Learning elevation of privilege vulnerability (CNVD-2025-17136)
Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
IBM Security QRadar Network Threat Analytics Resource Management Error Vulnerability
IBM Security QRadar Network Threat Analytics is an advanced network security analysis tool from International Business Machines (IBM). A resource management error vulnerability exists in IBM Security QRadar Network Threat Analytics version 1.3.1 and prior versions, which stems from a resource...
WordPress Ajax Load More plugin license issue vulnerability
WordPress Ajax Load More plugin is an open source plugin mainly used to implement infinite scrolling and lazy loading of website content, optimizing the user experience through AJAX technology. WordPress Ajax Load More plugin has an authorization issue vulnerability, the vulnerability...
WordPress Pixel Gallery Addons for Elementor plugin cross-site scripting vulnerability
WordPress Pixel Gallery Addons for Elementor plugin is a visual page builder plugin for WordPress platform, designed for Elementor, mainly used to create responsive image/video display features. The WordPress Pixel Gallery Addons for Elementor plugin suffers from a cross-site scripting...
Code Execution Vulnerabilities in Multiple Mozilla Products (CNVD-2025-20058)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-20062)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products, whic...
WordPress WP JobHunt plugin input validation error vulnerability
WordPress WP JobHunt plugin is a companion theme to the WP Job Manager plugin, designed for creating professional job boards. The WordPress WP JobHunt plugin suffers from an input validation error vulnerability that stems from a lack of user control key validation in the csremoveprofilecallback...
WordPress User Registration Plugin Cross-Site Scripting Vulnerability
WordPress User Registration Plugin is a plugin for extending the functionality of WordPress, mainly used to create custom user registration forms, manage user accounts and implement membership features. WordPress User Registration Plugin suffers from a cross-site scripting vulnerability that stem...
WordPress WP-Members Membership plugin cross-site scripting vulnerability
WordPress WP-Members Membership plugin is a free membership plugin for WordPress, which is mainly used to restrict access to website content and support user login, registration and personalized user profile management. WordPress WP-Members Membership plugin suffers from a cross-site scripting...
Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-20063)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla...
Tenda AC7 Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the function formSetMacFilterCfg in the file /goform/setMacFilterCfg that fails to correctly validate the length and size of the input data,...
WordPress Birth Chart Compatibility plugin Information Disclosure Vulnerability
WordPress Birth Chart Compatibility plugin is a tool for testing horoscope pairing compatibility. WordPress Birth Chart Compatibility plugin suffers from an information disclosure vulnerability that originates from direct access to the index.php file resulting in full path disclosure, which can b...
E-Commerce Site Cross-Site Request Forgery Vulnerability
E-Commerce Site is an e-commerce site. E-Commerce Site suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is coming from a trusted user. No details of the vulnerability are available at this time...
TOTOLINK A3300R Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.596B20250515, which stems from the mac and desc parameters failing to correctly filter constructed command special characters, commands, a...
D-Link DIR-816L Command Injection Vulnerability
The D-Link DIR-816L is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816L 2.06B01 and earlier versions, which stems from the lxmldbcsystem function in the environment variable handling component failing to properly filter construct command...
D-Link DIR-817L Command Injection Vulnerability
D-Link DIR-817L is a home-grade dual-band wireless router from D-Link that supports IEEE 802.11ac standard with dual-band concurrency 2.4GHz/5GHz and a maximum wireless transmission rate of 750Mbps. A command injection vulnerability exists in the D-Link DIR-817L, which stems from the failure of t...
Open5GS Denial of Service Vulnerability (CNVD-2025-18570)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of LTE/NR networks. Open5GS suffers from a denial of service vulnerability that can be exploited by an attacker to cause reachable assertions...
Zoom Workplace for Linux Improper Certificate Validation Vulnerability
Zoom Workplace for Linux is a Linux application for enterprise communication and collaboration, offering features such as video conferencing, online meetings, chat and mobile collaboration. Zoom Workplace for Linux suffers from an improper certificate validation vulnerability that can be exploite...
Zoom Clients for Windows Buffer Overflow Vulnerability
Zoom Clients for Windows is a video conferencing software client developed by Zoom Inc. for Windows operating systems. A buffer overflow vulnerability exists in Zoom Clients for Windows, which can be exploited by an attacker to cause a denial of service...
Zoom Clients Cross-Site Scripting Vulnerability
Zoom Clients is a multi-platform video conferencing client application developed by Zoom Inc. for video conferencing, online collaboration and other functions. A cross-site scripting vulnerability exists in Zoom Clients, which can be exploited by attackers to cause information leakage...
Zoom Clients for Windows Buffer Overflow Vulnerability
Zoom Clients for Windows is a video conferencing software client developed by Zoom Inc. for Windows operating systems. A buffer overflow vulnerability exists in Zoom Clients for Windows, which can be exploited by an attacker to cause a denial of service...
Zoom Clients for iOS Information Disclosure Vulnerability
Zoom Clients for iOS is Zoom's official video conferencing app for iOS devices (e.g., iPhone, iPad), supporting meeting convening, screen sharing, chatting and other features for business office, distance learning and other scenarios. Zoom Clients for iOS has an information leakage vulnerability,...
Schneider Electric EcoStruxure IT Data Center Expert Server-Side Request Forgery Vulnerability
Schneider Electric EcoStruxure IT Data Center Expert is a scalable monitoring software from Schneider Electric France that collects, organizes, and distributes critical device information to provide a comprehensive view of devices. A server-side request forgery vulnerability exists in Schneider...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17256)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the cor parameter of the adicionarcor.php endpoint. No details of the vulnerability are provided at this time...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that originates from the unvalidated parameter idatendido in file /html/atendido/ProfileAtendido.php, which can be exploited by an attacker to execute illegal SQL commands to steal sensitive databa...
Tenda FH451 formPPTPUserSetting function buffer overflow vulnerability
Tenda FH451 is a single-band 2.4GHz SOHO wireless router launched by China Tenda, with a maximum transmission rate of 450Mbps, belonging to the series of products of the King of Wall Penetration. The Tenda FH451 suffers from a buffer overflow vulnerability, which originates from the failure to...
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter err in the file personalizacao.php, for which no detailed vulnerability details are availab...
MB CONNECT LINE mbNET.mini SQL Injection Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from a SQL injection vulnerability that stems from improper neutralization of special...
TOTOLINK T6 serverIp Parameter Buffer Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...
Elevation of Privilege Vulnerability in Multiple Mozilla Products (CNVD-2025-20068)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An elevation of privilege vulnerability exists in several Mozilla...
Tenda FH451 Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability, which originates from the parameter PPW in the file /goform/WizardHandle that fails to correctly validate the length of the input data, which can be exploited ...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17253)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter err in the file personalizacaoimagem.php, for which no detailed vulnerability details are...
Tenda FH451 fromVirtualSer Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda FH451 version 1.0.0.9, which originates from the failure of the fromVirtualSer function in file /goform/VirtualSer to correctly validate the length of the input data for the parameter...
Church Donation System login.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter Username in the file /login.php. An attacker can exploit this vulnerability...
TOTOLINK T6 dest parameter buffer overflow vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from the parameter dest of the recvSlaveStaInfo function of the MQTT service failing to correctly validate the...
Tenda FH451 fromSetIpBind Function Buffer Overflow Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 version 1.0.0.9 suffers from a buffer overflow vulnerability, which originates from the parameter page of the fromSetIpBind function in the file /goform/SetIpBind that fails to correctly validate the length of the input...
Church Donation System Tithes.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter trcode in the file /members/Tithes.php. An attacker can exploit this...
Church Donation System giving.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter Amount in the file /members/giving.php. An attacker can exploit this...
Apartment Visitors Management System category.php File Cross-Site Scripting Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter categoryname in the file...
Apartment Visitors Management System create-pass.php file cross-site scripting vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter visname in the file...
Tenda FH451 fromqossetting function buffer overflow vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda FH451 version 1.0.0.9, which originates from the failure of the fromqossetting function in the file /goform/qossetting to correctly validate the length of the input data for the paramet...
TOTOLINK T6 Buffer Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the parameter ip in the file /cgi-bin/cstecgi.cgi that fails to correctly...
Online Appointment Booking System deletedoctorclinic.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/deletedoctorclinic.ph...