130931 matches found
Simple forum register1.php file SQL Injection Vulnerability
Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter User in the file /register1.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...
Logic flaw vulnerability in DataEase of Hangzhou Feizhiyun Information Technology Co. Ltd (CNVD-2025-19437)
DataEase is an open source data visualization and analysis tool. DataEase by Hangzhou Feizhiyun Information Technology Co. Ltd. has a logic flaw vulnerability that can be exploited by attackers to bypass authentication...
Inventory Management System createUser.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /phpaction/createUser.php for externally entered SQL statements. An attacker can...
Car Rental System login.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL...
Simple Pizza Ordering System large.php file SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter ID of file /large.php. An attacker can exploit this vulnerability to...
Mozilla Firefox for Android Open Redirect Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An open redirect vulnerability exists in Mozilla Firefox for Android, which can be exploited by an attacker to conduct a phishing attack by opening a link to the URL specified in the query string...
Google Chrome Security Bypass Vulnerability (CNVD-2025-15174)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient DevTools data validation, which can be exploited by an attacker to execute arbitrary code via a crafted HTML page...
Student Record System manage-subjects.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /manage-subjects.php. An attacker can exploit this vulnerability to...
Multiple Advantech Products Information Disclosure Vulnerabilities
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. An information disclosure vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause data interception and session hijacking...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17298)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in /html/matPat/adicionarunidade.php. No details of the vulnerability are provided at this time...
Cisco Identity Services Engine Authorization Issues Vulnerability (CNVD-2025-15609)
Cisco Identity Services Engine (Cisco ISE) is an environment-aware identity services platform from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to regulate the network. Cisco Identity Services Engine (Cisco ISE)...
D-Link DIR-816 A2 Code Execution Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...
Inventory Management System editUser.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter edituserName in the file /phpaction/editUser.php. An attacker can...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17297)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /html/matPat/adicionartipoSaida.php. No details of the vulnerability are provided at this time...
Tenda AC6 Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. Tenda AC6 suffers from a buffer overflow vulnerability that originates from the deviceId parameter in the addWifiMacFilter function failing to correctly validate the length and size of the input data. No detailed vulnerability...
Adobe Commerce Incorrect Authorization Vulnerability (CNVD-2025-24442)
Adobe Commerce is a leading digital commerce solution for merchants and brands from the American company Adobe. An incorrect authorization vulnerability exists in Adobe Commerce, which could be exploited by an attacker to cause a security feature bypass...
Library System add-book.php file code issue vulnerability
Library System is a library system. Library System has a code issue vulnerability that stems from the lack of effective validation of files uploaded via the parameter image in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...
Zoo Management System manage-foreigners-ticket.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /admin/manage-foreigners-ticket.php. An attacker can exploit this vulnerabili...
Mattermost Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from insufficient authentication of channel members, which can be exploited by an attacker to cause sensitive information to b...
Cross-Site Scripting Vulnerabilities in Multiple Advantech Products
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A cross-site scripting vulnerability exists in multiple Advantech products. The vulnerability stems from the lack of effective filtering and escaping of...
Simple Pizza Ordering System editcus.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editcus.php. An attacker can exploit this vulnerabilit...
Simple Pizza Ordering System /addpro.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addpro.php. An attacker can exploit this vulnerability...
Car Rental System add_cars.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter carname in the file /admin/addcars.php. An attacker can use this vulnerability to execute illegal S...
Car Rental System approve.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter ID in file /admin/approve.php. An attacker can exploit this vulnerability to execute illegal SQL...
Car Rental System book_car.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fname in the file /bookcar.php. The vulnerability can be exploited to execute illegal SQL...
Car Rental System signup.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fname in the file /signup.php. The vulnerability can be exploited to execute illegal SQL...
Daily Expense Manager Cross-Site Scripting Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter username in the file /login.php, which can be exploited by an...
Daily Expense Manager register.php File Cross-Site Scripting Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters password and confirmpassword in the file /register.php, which ca...
Daily Expense Manager update.php File SQL Injection Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...
Daily Expense Manager User Enumeration Vulnerability
Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a user enumeration vulnerability that stems from the unvalidated parameter name in the file /check.php. No details of the vulnerability are available at this time...
Student Record System register.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /register.php. An attacker can exploit this vulnerability to execute...
Student Record System manage-students.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /manage-students.php. An attacker can exploit this vulnerability to...
Dairy Farm Shop Management System manage-categories.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. Dairy Farm Shop Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in manage-categories.php. This vulnerability can be...
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CNVD-2025-23056)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Delta Electronics DTN Soft Code Execution Vulnerability (CNVD-2025-22959)
Delta Electronics DTN Soft is temperature controller software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics DTN Soft due to deserialization of untrusted data. An attacker can exploit this vulnerability to execute arbitrary code on the system...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2025-23055)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an elevation of privilege vulnerability that is caused by improper input validation. An attacker could exploit the vulnerability to gain elevate...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-23054)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by attackers to perform spoofing attacks...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-23053)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by attackers to perform spoofing attacks...
FileBrowser Command Injection Vulnerability (CNVD-2025-22706)
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser suffers from a command injection vulnerability, which is caused by a flaw in the command execution...
FileBrowser has an unspecified vulnerability (CNVD-2025-22705)
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a security vulnerability that stems from the lack of password policy and brute force protection,...
FileBrowser has an unspecified vulnerability (CNVD-2025-22703)
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a security vulnerability that stems from an improper implementation of password-protected links,...
FileBrowser has an unspecified vulnerability (CNVD-2025-22702)
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a security vulnerability that stems from file access permissions not...
FileBrowser Cross-Site Scripting Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of user inpu...
FileBrowser Command Injection Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface within a specified directory and can be used to upload, delete, preview, rename and edit files. FileBrowser has a command injection vulnerability that can be exploited by an attacker to gain read and write...
Teachers Record Management System edit-teacher-detail.php File SQL Injection Vulnerability
Teachers Record Management System is a teacher record management system. Teachers Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter tid in the file /admin/edit-teacher-detail.php. A...
Teachers Record Management System changeimage.php File SQL Injection Vulnerability
Teachers Record Management System is a teacher record management system. The Teachers Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter tid in the file /admin/changeimage.php. An...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17299)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Nome/Sobrenome in the file /html/atendido/CadastroAtendido.php. No details of the...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17295)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /html/matPat/adicionarcategoria.php. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in Tenable Nessus
Tenable Nessus is a network vulnerability scanning tool developed by Tenable, Inc. to detect security vulnerabilities in networks and provide recommendations for fixing them. Tenable Nessus has a security vulnerability that can be exploited by an attacker to overwrite arbitrary local system files...
OpenBao Log Information Disclosure Vulnerability
OpenBao is an open source sensitive data management software. Versions of OpenBao prior to 2.3.0 suffer from a log message disclosure vulnerability that can be exploited by attackers to disclose sensitive information...