Tenda FH1201 /goform/PPTPDClient File Buffer Overflow Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from a failure to properly validate the length of input data in the parameter modino/username in the file /goform/PPTPDClient, which can be...

Tenda FH1201 /goform/L7Prot File Buffer Overflow Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/L7Prot that fails to correctly validate the length of the input data, which can be exploited by a...

Tenda FH1201 /goform/GstDhcpSetSer File Buffer Overflow Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from the parameter dips in the file /goform/GstDhcpSetSer that fails to correctly validate the length of the input data, which can be exploit...

Tenda FH1201 /goform/fromSafeUrlFilter File Buffer Overflow Vulnerability

The Tenda FH1201 is a wireless router from Tenda, China. The product is mainly aimed at home and small office network environments. The Tenda FH1201 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/fromSafeUrlFilter that fails to correctly...

Tenda FH1201 Buffer Overflow Vulnerability (CNVD-2025-16634)

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/fromRouteStatic that fails to correctly validate the length and size of the input data, which can be exploited by an...

Tenda AC1206 Buffer Overflow Vulnerability

The Tenda AC1206 is a wireless Gigabit router from Tenda China. A buffer overflow vulnerability exists in Tenda AC1206 version 15.03.06.23, which originates from the parameter deviceList in the file /goform/setMacFilterCfg that fails to correctly validate the length of the input data, and can be...

Tenda O3V2 /goform/setWrlFilterList File Buffer Overflow Vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the /goform/setWrlFilterList file parameter macList fails to properly validate the length of the input data, which can be exploited by an attacker to...

Tenda O3V2 /goform/setWrlBasicInfo file buffer overflow vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the parameter extChannel in the file /goform/setWrlBasicInfo that fails to correctly validate the length and size of the input data, which can be exploite...

Tenda O3V2 /goform/setSysTimeInfo file buffer overflow vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the parameter Time in the file /goform/setSysTimeInfo that fails to correctly validate the length of the input data, and can be exploited by an attacker t...

Tenda O3V2 /goform/setRateTest File Buffer Overflow Vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the parameter destIP in the file /goform/setRateTest that fails to correctly validate the length of the input data, which can be exploited by an attacker ...

Tenda O3V2 /goform/setPing file buffer overflow vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter destIP in the file /goform/setPing to correctly validate the length and size of the input data, which can be exploited by an...

Tenda O3V2 /goform/setPingInfo file command injection vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. Tenda O3V2 suffers from a command injection vulnerability, which originates from the parameter domain in the file /goform/setPingInfo failing to correctly filter constructed command special characters, commands, etc. The vulnerability is...

Tenda O3V2 /goform/operateMacFilter File Buffer Overflow Vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a buffer overflow vulnerability that originates from the /goform/operateMacFilter file parameter mac failing to properly validate the length and size of the input data, which can be exploited by an attacker to...

Tenda O3V2 /goform/getTraceroute file command injection vulnerability

Tenda O3V2 is an outdoor wireless bridge from Tenda, China. The Tenda O3V2 suffers from a command injection vulnerability that stems from the parameter dest in the file /goform/getTraceroute failing to correctly filter constructed command special characters, commands, and so on. No details of the...

TOTOLINK T6 setWiFiAclRules function buffer overflow vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the parameter mac in the function setWiFiAclRules in the file...

TOTOLINK T6 setTracerouteCfg function Command Injection Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that originates from the failure of the parameter command of the function setTracerouteCfg in the fi...

TOTOLINK N300RB Command Injection Vulnerability

The TOTOLINK N300R is a wireless router for home and small office scenarios from Korean networking brand TOTOLINK. The TOTOLINK N300RB suffers from a command injection vulnerability that originates from the remote support feature of static key protection, which can be exploited by an attacker to...

Advantech iView Cross-Site Scripting Vulnerability (CNVD-2025-17826)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

Advantech iView NetworkServlet.archiveTrap Function SQL Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in the Advantech iView NetworkServlet.archiveTrap function. An attacker can exploit this vulnerability to perform SQL injection and execu...

Advantech iView CUtils.checkSQLInjection Function SQL Injection Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. An SQL injection vulnerability exists in the Advantech iView CUtils.checkSQLInjection function, which can be exploited by an attacker to cause an information disclosure or...

WordPress Plugin FooGallery Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin FooGallery has a cross-site scripting vulnerability, the vulnerability stems from the...

Vehicle Parking Management System index.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter Username in file /admin/index.php that lacks validation of an externally entered SQL statement. An attacker can...

WordPress GB Forms DB plugin code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress GB Forms DB plugin that originates in the gbfdbtalktofront function that accepts user input and passes it through...

Apache HTTP Server Authorization Problem Vulnerability (CNVD-2025-16611)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has an authorization issue vulnerability that can be exploited by attackers to cause HTTP session hijacking...

Vehicle Parking Management System manage-incomingvehicle.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter del in the file /admin/manage-incomingvehicle.php that lacks validation of externally entered SQL statements. An...

Tenda Ax1803 Stack Buffer Overflow Vulnerability

Tenda Ax1803 is a firmware product from Tenda that provides a range of features for network device setup and management. Users can use Tenda Ax1803 Firmware to perform network configuration, manage routers and other operations in a convenient and practical way. A stack buffer overflow vulnerabili...

Tenda AX1803 Buffer Overflow Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A security vulnerability exists in Tenda AX1803 version 1.0.0.1, which originates from a stack buffer overflow due to incorrect manipulation of the parameter deviceList by the function formSetWifiMacFilterCfg in the file...

WordPress Friends plugin code issue vulnerability

WordPress Friends plugin is a plugin for social interaction. WordPress Friends plugin has a code issue vulnerability that stems from improper deserialization of the queryvars parameter, which can be exploited by an attacker to cause code execution...

WordPress Broken Link Notifier plugin code issue vulnerability

WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. The WordPress Broken Link Notifier plugin suffers from a code issue vulnerability that stems from the server not implementing an adequate validation mechanism to...

WordPress Broken Link Notifier plugin code execution vulnerability

WordPress Broken Link Notifier plugin is a plugin for monitoring broken links e.g. 404 errors, timeout links, etc. within a website. A code execution vulnerability exists in the WordPress Broken Link Notifier plugin that stems from the possibility of embedding malicious input when exporting CSV...

WordPress Contest Gallery plugin cross-site scripting vulnerability

WordPress Contest Gallery plugin is a powerful plugin that is mainly used to organize all kinds of online contests in WordPress websites, supporting the uploading and displaying of photos, videos, audios, documents and other types of files. WordPress Contest Gallery plugin suffers from a cross-si...

Advantech iView Cross-Site Scripting Vulnerability (CNVD-2025-17827)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

Vehicle Parking Management System signup.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/signup.php that lacks validation of externally entered SQL statements. An attacker can...

Vehicle Parking Management System forgot-password.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter email in the file /users/forgot-password.php that lacks validation of externally entered SQL statements. An...

Vehicle Parking Management System profile.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter firstname in the file /users/profile.php that lacks validation of an externally entered SQL statement. An attack...

Vehicle Parking Management System view--detail.php file SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter viewid in the file /users/view--detail.php that lacks validation of externally entered SQL statements. An attack...

Vehicle Parking Management System manage-category.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/manage-category.php. An attacker...

Apache Tomcat Competitive Conditions Issue Vulnerability

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a Competitive Conditions Issue vulnerability, which can be exploited by an attacker to cause a denial of...

Apache Tomcat Resource Management Error Vulnerability (CNVD-2025-16618)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. Apache Tomcat has a Resource Management Error vulnerability that originates from an HTTP/2 client not acknowledging the initial setu...

Apache Tomcat Input Validation Error Vulnerability (CNVD-2025-16617)

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. An input validation error vulnerability exists in Apache Tomcat, which stems from an integer overflow, and can be exploited by an...

Tenda FH1201 Buffer Overflow Vulnerability (CNVD-2025-16633)

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a buffer overflow vulnerability, which originates from the parameter mitssid in the file /goform/AdvSetWrlsafeset that fails to correctly validate the length and size of the input data, which can be exploited by...

Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16603)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server, which stems from a modproxyhttp2 assertion failure that can be...

Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16608)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a denial of service vulnerability that can be exploited by an attacker to cause a denial of service...

Apache HTTP Server Access Control Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...

Apache HTTP Server server-side request forgery vulnerability (CNVD-2025-16613)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading modproxy without implementing...

Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2025-16612)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to manipulate the...

Tenda FH1202 /goform/PPTPUserSetting File Buffer Overflow Vulnerability

The Tenda FH1202 is a wireless router from Tenda China. The Tenda FH1202 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from the function fromPptpUserSetting parameter delno in the file /goform/PPTPUserSetting failing to correctly validate the length of the inp...

Google Pixel Buffer Overflow Vulnerability (CNVD-2025-16956)

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that stems from a lack of bounds checking, which allows out-of-bounds reads of memory and can be exploited by an attacker to run arbitrary code in the context of an...