Multiple Advantech products have unspecified vulnerabilities
Advantech WISE-4060LAN is an industrial automation controller from Advantech, Taiwan, China. A security vulnerability exists in multiple Advantech products, which can be exploited by attackers to carry out brute-force attacks and account takeovers...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17300)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Nome/Sobrenome in the file /html/funcionario/cadastrofuncionario.php, for which no detailed...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2025-15502)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which can be exploited by attackers to bypass security restrictions...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-2025-18623)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Arbitrary File Read Vulnerability in Privileged Account and Operation and Maintenance Audit System of Sanwei Xinan Technology Co.
Privileged Account and Operation and Maintenance Audit System focuses on the full life cycle management and operation behavior monitoring of high-privileged accounts. The product prevents the risk of unauthorized access by centralizing the control of privileged accounts and implementing mechanism...
Command Execution Vulnerability in MSG2200 at Resconda Technology Development Co.
Ltd. is an industry-leading provider of optical networking products and system solutions. A command execution vulnerability exists in the MSG2200 of Riseconda Technology Development Corporation, which can be exploited by an attacker to execute arbitrary commands...
Google Chrome V8 Type Confusion Vulnerability (CNVD-2025-14800)
Google Chrome is a web browser from Google, an American company. A type confusion vulnerability exists in Google Chrome V8. The vulnerability is caused due to the V8 engine improperly handling bounds checking and type conversion for certain data types when executing JavaScript code, resulting in...
UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00818)
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
NETGEAR WNCE3001 Buffer Overflow Vulnerability
The NETGEAR WNCE3001 is a dual-band wireless network adapter designed for smart TVs, Blu-ray players, and other devices that connect wirelessly via an Ethernet interface. The NETGEAR WNCE3001 suffers from a buffer overflow vulnerability that stems from the HTTP POST request handler mishandling th...
Shenzhen Mingyuan Cloud Technology Co., Ltd Mingyuan Cloud ERP suffers from SQL injection vulnerability (CNVD-2025-18511)
Mingyuan Cloud ERP is business management software developed by Mingyuan Cloud Technology Co. Ltd. Mingyuan Cloud ERP has a SQL injection vulnerability that attackers can use to obtain sensitive information in the database...
UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00820)
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00819)
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
COVID19 Testing Management System Input Validation Error Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. The COVID19 Testing Management System has an input validation error vulnerability that originates from an open redirect due to the operation of the parameter q in the file /search-report-result.php. No detai...
Logic Flaw Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd (hereinafter referred to as "SinoCom-ArtM") is one of the leading providers of IT intelligent security operation and maintenance, data governance, security services and other fields in China. A logic flaw exists in the...
Inventory Management System editOrder.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of user input in the /phpaction/editOrder.php file. No details of the vulnerability are available at this time...
Inventory Management System removeProduct.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the /phpaction/removeProduct.php file not securely filtering the productId parameter. An attacker can exploit this vulnerability to remote...
HDF5 Buffer Overflow Vulnerability (CNVD-2025-16249)
HDF5 is a data management suite developed by The HDF Group for storing and managing large-scale scientific data. A security vulnerability exists in the H5Omtimenewencode function in the src/H5Omtime.c file of HDF5 version 1.14.6, which stems from improper handling of data boundaries. An attacker...
Inventory Management System editPayment.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...
Inventory Management System createOrder.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates in the /phpaction/createOrder.php file, which does not adequately filter user input. An attacker can exploit this vulnerability by remotely...
Inventory Management System removeBrand.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from improper handling of the brandId parameter in the /phpaction/removeBrand.php file. No details of the vulnerability are available at this time...
Binary Vulnerability in Unisys UOS Browser at Unisys Software Technology Limited (CNVD-2025-18469)
Unisys Software Technology Co., Ltd. is a company specializing in the development and service of operating systems. A binary vulnerability exists in the Unisys UOS Browser, which can be exploited by attackers to cause a denial of service...
Inventory Management System editProduct.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from improper handling of the editProductName parameter in the /phpaction/editProduct.php file. No details of the vulnerability are available at this time...
Dell Unisphere for PowerMax vApp Static Code Injection Vulnerability
Dell Unisphere is a unified storage management platform from Dell. A static code injection vulnerability exists in Dell Unisphere for PowerMax vApp, which arises from failure to properly neutralize instructions in static saved code. An attacker could exploit this vulnerability to execute arbitrar...
TOTOLINK X15 Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender manufactured by China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability that originates from improper handling of the submit-url parameter in the /boafrm/formParentControl file in the HTTP POST request handling...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a router device manufactured by China's Gion Electronics TOTOLINK. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from improper handling of the submit-url parameter in the /boafrm/formWlSiteSurvey file in the HTTP POST request handling...
Inventory Management System createProduct.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the /phpaction/createProduct.php file not securely filtering the productName parameter. No details of the vulnerability are available at this time...
HDF5 Buffer Overflow Vulnerability (CNVD-2025-16232)
HDF5 is an open source file format and library for storing and managing large-scale scientific data. HDF5 suffers from a heap buffer overflow vulnerability that originates from an exception in the handling of the H5Ochunkprotect function in the file /src/H5Ochunk.c. An attacker can exploit this...
Inventory Management System orders.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from a parameter i in the file /orders.php that is not securely filtered. An attacker can exploit this vulnerability by remotely injecting...
Binary Vulnerability in Unisys UOS Browser at Unisys Software Technology Limited (CNVD-2025-18468)
Unisys Software Technology Co., Ltd. is a company specializing in the development and service of operating systems. A binary vulnerability exists in the Unisys UOS Browser, which can be exploited by attackers to cause a denial of service...
Binary Vulnerability in Unisys UOS Browser at Unisys Software Technology Ltd.
Unisys Software Technology Co., Ltd. is a company specializing in the development and service of operating systems. A binary vulnerability exists in the Unisys UOS Browser, which can be exploited by attackers to cause a denial of service...
HDF5 Resource Management Error Vulnerability
HDF5 is a data management suite developed by The HDF Group for storing and managing large-scale scientific data. A security vulnerability exists in HDF5 version 1.14.6, which originates from an exception in the handling of the H5Cloadentry function in the /src/H5Centry.c file. An attacker can...
HDF5 Buffer Overflow Vulnerability (CNVD-2025-16248)
HDF5 is a data management suite developed by The HDF Group for storing and managing large-scale scientific data. A buffer overflow vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from improper handling of the H5Ofsinfoencode function in the /src/H5Ofsinfo.c file. An attacker...
Dell PowerScale OneFS SQL Injection Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a SQL injection vulnerability that originates from improper neutralization of special elements in SQL commands, which can be...
Pre-School Enrollment System visit.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter gname in the file /visit.php. An attacker can...
Online Hotel Reservation System order.php File SQL Injection Vulnerability
Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Start in the file /reservation/order.php. The...
TOTOLINK X15 /boafrm/formIpv6Setup File Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file /boafrm/formIpv6Setup failing to correctly validate the length and size of the input data, which...
TOTOLINK X15 Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file /boafrm/formIPv6Addr to properly validate the length and size of the input...
TOTOLINK N300RH Buffer Overflow Vulnerability
TOTOLINK N300RH is a long range wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N300RH suffers from a buffer overflow vulnerability that originates from the parameter servicetype in the file /boafrm/formPortFw that fails to correctly validate the length and size of the input...
TOTOLINK N150RT OS Command Injection Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from an OS command injection vulnerability that stems from the parameter targetAPSsid in the file /boa/formWSC failing to correctly filter constructed command special characters, commands,...
Red Hat Build of Keycloak Information Disclosure Vulnerability
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...
TOTOLINK CA300-PoE wps.so File Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE wps.so file, which originates from the parameter PIN of the file wps.so failing to correctly filter constructed command special characters,...
TOTOLINK CA300-PoE upgrade.so File Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE upgrade.so file, which stems from the parameter FileName of the file upgrade.so failing to correctly filter constructed command special characters...
TOTOLINK CA300-PoE ap.so File Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CA300-PoE ap.so file, which originates from the parameter hour/minute in the file ap.so failing to correctly filter constructed command special characters...
D-Link DIR-619L /formAutoDetecWAN_wizard4 File Stack Buffer Overflow Vulnerability
The D-Link DIR-619L is a wireless router from China-based AUO D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-619L /formAutoDetecWAN_wizard4 file, caused by incorrect boundary checking in the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. An...
TOTOLINK A3002RU/A3002R Buffer Overflow Vulnerability
TOTOLINK A3002RU and TOTOLINK A3002R are both products of China Gion Electronics TOTOLINK. TOTOLINK A3002RU is a wireless router product. TOTOLINK A3002R is a wireless router product. A buffer overflow vulnerability exists in the TOTOLINK A3002RU and TOTOLINK A3002R, which originates from the...
Pre-School Enrollment System check_availability.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file /admin/check_availability.ph...
Art Gallery Management System add-artist.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter awfuldetails in the file /admin/add-artist.php. An attacker...
Simple Pizza Ordering System edituser.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /edituser.php. An attacker can exploit this vulnerabili...
Simple Pizza Ordering System update.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /update.php. An attacker can exploit this vulnerability...
Simple Pizza Ordering System addmem.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /addmem.php. An attacker can exploit this vulnerability to execute illegal...