Arbitrary File Read Vulnerability in UFIDA-Government Financial System of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
SAMSUNG rLottie Directory Traversal Vulnerability
SAMSUNG rLottie is a platform-independent, standalone C++ library for real-time rendering of vector-based animation and art from Samsung of South Korea. A directory traversal vulnerability exists in SAMSUNG rLottie, which can be exploited by an attacker to traverse directories on a system...
SAMSUNG rLottie Code Execution Vulnerability
SAMSUNG rLottie is a platform-independent, standalone C++ library for real-time rendering of vector-based animation and art from Samsung of South Korea. A code execution vulnerability exists in SAMSUNG rLottie, which can be exploited by an attacker to execute arbitrary code on a system...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-15490)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...
Adobe Commerce Incorrect Authorization Vulnerability (CNVD-2025-24441)
Adobe Commerce is a globally leading digital commerce solution for businesses and brands from Adobe of the United States. An incorrect authorization vulnerability exists in Adobe Commerce, which could be exploited by an attacker to cause a security feature bypass...
Denial of Service Vulnerability in Multiple Advantech Products
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A denial of service vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a denial of service...
Old Age Home Management System SQL Injection Vulnerability
Old Age Home Management System is a nursing home management system. Old Age Home Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emeradd in file /admin/add-scdetails.php. An attacker can...
Staff Audit System /update_index.php File SQL Injection Vulnerability
Staff Audit System is an employee audit system. Staff Audit System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter updateid in the file /updateindex.php. An attacker can exploit this vulnerability to...
FileBrowser has an unspecified vulnerability (CNVD-2025-22704)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that originates from an access token passed as a GET parameter, which c...
Inventory Management System removeUser.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the userid parameter in the file /phpaction/removeUser.php. An attacker can...
Zoo Management System view-normal-ticket.php file SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-normal-ticket.php. An attacker can exploit this...
Dairy Farm Shop Management System manage-companies.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. Dairy Farm Shop Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in manage-companies.php. No details of the vulnerability...
Denial of Service Vulnerability in Multiple Advantech Products (CNVD-2026-13233)
Advantech WISE-4060LAN is an industrial automation controller from Advantech, Taiwan, China. A denial of service vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a remote denial of service and system unavailability...
Student Record System session.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /session.php. An attacker can exploit this vulnerability to execute...
Mozilla Firefox and Firefox ESR Cross-Site Scripting Vulnerability (CNVD-2025-15493)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A cross-site scripting vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by an attacker to steal a victim's cookie-based authentication credential...
D-Link DI-7300G+ Command Injection Vulnerability
The D-Link DI-7300G+ is a ruggedized, enterprise-grade smart gateway from China-based D-Link. The D-Link DI-7300G+ suffers from a command injection vulnerability that is caused by a flaw in httpddebug.asp. An attacker can exploit this vulnerability to execute arbitrary operating system commands o...
Dell OpenManage Network Integration Authentication Vulnerability
Dell OpenManage Network Integration is a set of system management tools provided by Dell for integrating third-party management platforms such as PowerEdge servers, VMware vCenter, and others. An authentication vulnerability exists in Dell OpenManage Network Integration that originates from an...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17296)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Insira o novo tipo in the file /html/matPat/adicionartipoEntrada.php. No detailed...
Pre-School Enrollment System Project Directory Traversal Vulnerability
The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths when handling directory requests in manage-classes.php, and can be exploited...
TOTOLINK T6 Authentication Error Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An authentication error vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from a lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. An attacker could...
TOTOLINK A702r Buffer Overflow Vulnerability
The TOTOLINK A702r is a router device from China's Gion Electronics TOTOLINK. The TOTOLINK A702r version 4.0.0-B20230721.1521 suffers from a buffer overflow vulnerability, which originates from the parameter submit-url in the file /boafrm/formParentControl that fails to validate the length and si...
TOTOLINK A3002RU /boafrm/formWlSiteSurvey File Buffer Overflow Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU version 3.0.0-B20230809.1615 suffers from a buffer overflow vulnerability, which originates from the parameter submit-url in the file /boafrm/formWlSiteSurvey failing to correctly validate t...
TOTOLINK A3002RU Buffer Overflow Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file /boafrm/formParentControl to correctly validate the length and size of...
Tenda AC5 Stack Buffer Overflow Vulnerability (CNVD-2025-15273)
Tenda AC5 is a wireless router from Tenda, a Chinese company. The Tenda AC5 suffers from a stack buffer overflow vulnerability, which originates from the failure of the parameters time and timeZone in the file /goform/SetSysTimeCfg to correctly validate the length of the input data, which can be...
Tenda AC5 Stack Buffer Overflow Vulnerability
Tenda AC5 is a wireless router from Tenda, a Chinese company. The Tenda AC5 suffers from a stack buffer overflow vulnerability that originates from the failure of the parameters schedStartTime and schedEndTime in the file /goform/openSchedWifi to properly validate the length of the input data,...
D-Link DIR-513 Buffer Overflow Vulnerability
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 version 1.0 suffers from a buffer overflow vulnerability, which originates from the parameter curTime in the file /goform/formSetWanPPTP that fails to correctly validate the length and size of the input data,...
D-Link DI-8100 Buffer Overflow Vulnerability
The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 16.07.21, which originates from the parameter mschapen in the file /pppoebase.asp that fails to...
Dell NetWorker Algorithm Downgrade Vulnerability
Dell NetWorker is data protection software provided by Dell. Dell NetWorker suffers from an algorithm downgrade vulnerability that can be exploited by an attacker to cause information disclosure...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15500)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from the fact that the External App Open Prompt for Android can be bypassed, and which can be exploited by attackers to bypass security restrictions...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15499)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from the fact that the connect-src directive can be bypassed, and which can be exploited by attackers to bypass security restrictions...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15497)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from a flaw in Multi-Account Containers, and can be exploited by attackers to bypass security restrictions...
Information Disclosure Vulnerability in Multiple Mozilla Products (CNVD-2025-15491)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-15489)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2025-15175)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient policy enforcement in the Loader component, which can be exploited by an attacker to bypass content security policies...
Tenda AC1206 Buffer Overflow Vulnerability
The Tenda AC1206 is a wireless Gigabit router from Tenda of China. The Tenda AC1206 suffers from a buffer overflow vulnerability that originates from the formSetCfm function failing to properly validate the length of the input data, which can be exploited by an attacker to cause a denial of service...
Staff Audit System /search_index.php File SQL Injection Vulnerability
Staff Audit System is an employee audit system. Staff Audit System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /searchindex.php. An attacker can exploit this vulnerability to execut...
OpenBao Input Validation Error Vulnerability
OpenBao is an open source sensitive data management software. OpenBao has an input validation error vulnerability that can be exploited by an attacker to cause a denial of service...
Memory Error Vulnerability in Multiple Mozilla Products
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory error vulnerability exists in several Mozilla products, which c...
Unspecified Vulnerability in SAMSUNG rLottie
SAMSUNG rLottie is a platform-independent, standalone C++ library for real-time rendering of vector-based animation and art from Samsung of South Korea. A security vulnerability exists in SAMSUNG rLottie, which can be exploited by attackers to cause a buffer over-read...
Command Execution Vulnerability in Multiple Advantech Products
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A command execution vulnerability exists in multiple Advantech products, which can be exploited by an attacker to remotely control a relay channel...
Open5GS Denial of Service Vulnerability (CNVD-2025-18571)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial-of-service vulnerability exists in Open5GS, which can be exploited by attackers to cause service disruption...
SAMSUNG rLottie Code Execution Vulnerability (CNVD-2025-20017)
SAMSUNG rLottie is a platform-independent, standalone C++ library for real-time rendering of vector-based animation and art from Samsung of South Korea. A code execution vulnerability exists in SAMSUNG rLottie, which can be exploited by an attacker to execute arbitrary code on a system...
Multiple Advantech Product File Upload Vulnerabilities
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A file upload vulnerability exists in multiple Advantech products, which can be exploited by attackers to cause a backdoor installation or elevation of privilege...
Code Execution Vulnerabilities in Multiple Advantech Products
The Advantech WISE-4010LAN, WISE-4050LAN, and WISE-4060LAN are all industrial automation controllers from Advantech of Taiwan, China. A code execution vulnerability exists in multiple Advantech products, which can be exploited by attackers to inject or modify firmware via the JTAG interface...
SQL Injection Vulnerability in Web Webmaster User Login of Xinhua San Technologies Co.
Xinhua San Technology Co., Ltd. is the industry's leading digital solutions leader, committed to becoming the most trusted partner for customers' business innovation and digital transformation. A SQL injection vulnerability exists in the Web network management user login of Xinhua San Technologie...
D-Link DCS-7517 Trust Management Issues Vulnerability
D-Link DCS-7517 is a network camera from China AUO D-Link. A trust management issue vulnerability exists in the D-Link DCS-7517 version 2.02.0 and earlier, which stems from the use of hard-coded passwords. An attacker could exploit the vulnerability to cause confidentiality to be compromised...
FileBrowser Command Injection Vulnerability (CNVD-2025-22700)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a command injection vulnerability that can be exploited by an attacker to execute arbitrary...
Cisco Unified Communications Manager Static SSH Credentials Vulnerability
Cisco Unified Communications Manager is a call processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A static SSH credentials vulnerability exists in Cisco Unified...
Google Chrome Resource Management Error Vulnerability (CNVD-2025-15176)
Google Chrome is a web browser from Google, an American company. A resource management error vulnerability exists in versions of Google Chrome prior to 138.0.7204.49, which stems from a mix-up in the instructions responsible for freeing memory in the Animation component, and can be exploited by a...
Mattermost Elevation of Privilege Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an elevation of privilege vulnerability that stems from insufficient validation of channel member management privileges, which can be exploited by an attacker to cause...