Cisco ISE and ISE-PIC File Upload Vulnerability
Cisco ISE and Cisco ISE-PIC are both products of the U.S. company Cisco. Cisco ISE is the identity services engine introduced by Cisco, mainly used for network access control and security management. Cisco ISE-PIC is the passive identity connector of the Cisco Identity Services Engine, which is mainl...
SQL Injection Vulnerability in ERP System of Shenzhen Mingyuan Cloud Technology Co.
The ERP system is a comprehensive information management platform that integrates the functions of housing, customers, sales, finance and human resources. ERP system of Shenzhen Mingyuan Cloud Technology Co., Ltd. suffers from SQL injection vulnerability, which can be exploited by attackers to...
SQL Injection Vulnerability in UFIDA U8Cloud of UFIDA Network Technology Co. Ltd (CNVD-2025-17961)
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A SQL injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information from the database...
Unauthorized Access Vulnerability in ioLogik E1210-T of Mosaic Technology (Shanghai) Co.
The ioLogik E1210-T is an industrial Ethernet module. Mosaic Technology Shanghai Co. ioLogik E1210-T suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
D-Link DIR-619L formWlanGuestSetup Stack Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formWlanGuestSetup, which stems from improperly...
WordPress DSK plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress DSK plugin that stems from a lack of effective filtering of local file resource calls, which can be exploited by an attack...
WordPress Diza plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Diza plugin, which stems from improper control of the filename of an include or require statement, and can be exploited by ...
WordPress DIOT SCADA with MQTT plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress DIOT SCADA with MQTT plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress Contact Us Page - Contact People plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Contact Us Page - Contact People plugin, which stems from insufficient input sanitization and escaping, and can be...
WordPress Color Palette plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Color Palette plugin, which stems from insufficient input sanitization and escaping, and can be exploited by an attacker ...
WordPress Click to Chat plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input sanitization and escaping, and can be exploited by an attacker ...
WordPress Blog2Social: Social Media Auto Post & Scheduler Plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Blog2Social: Social Media Auto Post & Scheduler Plugin suffers from a SQL injection vulnerability that stems from insufficient escaping of the prgSortPostType paramete...
WordPress Besa plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Besa plugin that stems from a lack of effective filtering of local file resource calls, which can be exploited by an attacker ...
WordPress Automation By Autonami plugin Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An input validation error vulnerability exists in the WordPress Automation By Autonami plugin, which stems from an improper URL redirection, leading to a phishing attack. No...
WordPress Auto Attachments plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Auto Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress Arconix Shortcodes plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Arconix Shortcodes plugin that originates from improper neutralization and can be exploited by an attacker to...
WordPress Arconix FAQ plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Arconix FAQ plugin, which stems from a lack of authorization, and no detailed vulnerability details are provided...
WordPress Aora plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Aora plugin, which stems from improper control of filenames for include or require statements, and can be exploited by an...
WordPress AFS Analytics plugin improper access control vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress AFS Analytics plugin that stems from a lack of authorization, and no detailed vulnerability details are provided...
WordPress Advanced Settings plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Advanced Settings plugin, which stems from the web application not adequately verifying that a request is comi...
WordPress Advanced Sermons plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Advanced Sermons plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
VMware Avi Load Balancer SQL Injection Vulnerability
VMware Avi Load Balancer is a load balancing platform from VMware. VMware Avi Load Balancer suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...
TOTOLINK X15 /boafrm/formTmultiAP file buffer overflow vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. TOTOLINK X15 version 1.0.0-B20230714.1105 suffers from a buffer overflow vulnerability, which originates from the parameter submit-url in the file /boafrm/formTmultiAP in the HTTP POST Request Handler component...
TOTOLINK X15 /boafrm/formMultiAP File Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK X15 version 1.0.0-B20230714.1105, which originates from the submit-url parameter in the /boafrm/formMultiAP file failing to correctly validate the length and size...
TOTOLINK T10 Trust Management Issue Vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a trust management issue vulnerability that stems from the use of hard-coded passwords in the file /etc/shadow.sample. An attacker could exploit the vulnerability to cause...
TOTOLINK T10 setWizardCfg function buffer overflow vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a buffer overflow vulnerability, which originates from the parameter ssid5g in the function setWizardCfg in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the...
TOTOLINK T10 setWiFiScheduleCfg function buffer overflow vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a buffer overflow vulnerability, which originates from the parameter desc of the function setWiFiScheduleCfg in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the...
TOTOLINK EX1200T /boafrm/formSysLog File Buffer Overflow Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T 4.1.2cu.5232B20210713 suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file /boafrm/formSysLog failing to correctly validate the length size of the...
TOTOLINK EX1200T /boafrm/formSysCmd File Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file /boafrm/formSysCmd to correctly validate the length and size of the...
TOTOLINK EX1200T /boafrm/formNtp File Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file /boafrm/formNtp to correctly validate the length and size of the inpu...
TOTOLINK EX1200T /boafrm/formMultiAP File Buffer Overflow Vulnerability
TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK EX1200T version 4.1.2cu.5232B20210713, which originates from the parameter submit-url of the file /boafrm/formMultiAP in the HTTP POST Request Handler componen...
TOTOLINK A702r Buffer Overflow Vulnerability
The TOTOLINK A702r is a router device from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A702r version 4.0.0-B20230721.1521, which originates from the failure of the submit-url parameter in the /boafrm/formSysLog file to correctly validate the length of...
TOTOLINK A3002RU /boafrm/formSysLog File Buffer Overflow Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU version 3.0.0-B20230809.1615 suffers from a buffer overflow vulnerability, which originates from the failure of the submit-url parameter in the /boafrm/formSysLog file to correctly validate...
TOTOLINK A3002RU /boafrm/formMultiAP file buffer overflow vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3002RU version 3.0.0-B20230809.1615, which originates from a failure of the parameter submit-url in the file /boafrm/formMultiAP in the HTTP POST Request...
TOTOLINK A3002R /boafrm/formSysLog File Buffer Overflow Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R version 4.0.0-B20230531.1404 suffers from a buffer overflow vulnerability, which originates from the failure of the submit-url parameter in the /boafrm/formSysLog file to correctly validate the length...
TOTOLINK A3002R /boafrm/formMultiAP file buffer overflow vulnerability
The TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R version 4.0.0-B20230531.1404 suffers from a buffer overflow vulnerability that originates from a failure of the parameter submit-url in the file /boafrm/formMultiAP in the HTTP POST Request Handle...
Tenda FH1203 Buffer Overflow Vulnerability
The Tenda FH1203 is a wireless router from Tenda China. A buffer overflow vulnerability exists in the Tenda FH1203 version 2.0.1.6, which is caused by the parameter lanMask in the fromadvsetlanip function in the file /goform/AdvSetLanip that fails to correctly validate the length of the input dat...
Fuji Electric Smart Editor Buffer Overflow Vulnerability
Fuji Electric Smart Editor is editing software mainly used to configure and program HMI (Human Machine Interface) devices. A buffer overflow vulnerability exists in Fuji Electric Smart Editor, which is caused by an out-of-bounds write and can be exploited by an attacker to execute arbitrary code...
Fuji Electric Smart Editor Buffer Overflow Vulnerability
Fuji Electric Smart Editor is editing software mainly used to configure and program HMI (Human Machine Interface) devices. A buffer overflow vulnerability exists in Fuji Electric Smart Editor, which originates from an out-of-bounds read and can be exploited by an attacker to execute arbitrary co...
Google Chrome Resource Management Error Vulnerability (CNVD-2025-14266)
Google Chrome is a popular web browser. A security vulnerability exists in Google Chrome V8, which originates from re-referencing or using freed memory, and can be exploited by a remote attacker who tricks the user into parsing a specially crafted web request, which can cause the...
D-Link DIR-619L formSetDomainFilter Stack Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formSetDomainFilter, which originates from...
D-Link DIR-619L formSetEmail Stack Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formSetEmail, which originates from improperly...
D-Link DIR-619L formSetWizard1 Stack Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formSetWizard1, which originates from improperly...
Google Chrome Integer Overflow Vulnerability
Google Chrome is a popular web browser. Google Chrome suffers from an integer overflow vulnerability that stems from improper handling of integer values, which can be exploited by an attacker who tricks the user into parsing a specially crafted web request, crashing the applicati...
D-Link DIR-619L formSetEnableWizard Stack Overflow Vulnerability
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formSetEnableWizard, which originates from...
Schneider Electric Modicon Controllers Input Validation Error Vulnerability
Schneider Electric Modicon Controllers are a series of programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...
WeGIA Operating System Command Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an operating system command injection vulnerability that stems from the branch parameter not being properly sanitized in the /html/configuracao/debuginfo.php endpoint. An attacker could exploit this vulnerability to execute...
WordPress ACF Onyx Poll plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ACF Onyx Poll plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
Tenda FH1205 VirtualSer Function Buffer Overflow Vulnerability
The Tenda FH1205 is a wireless router from Tenda, a Chinese company. The Tenda FH1205 version 2.0.0.7775 suffers from a buffer overflow vulnerability, which originates from the parameter page of the VirtualSer function in the file /goform/VirtualSer that fails to correctly validate the length of...
TOTOLINK N600R Buffer Overflow Vulnerability
The TOTOLINK N600R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK N600R version V4.3.0cu.7866B2022506, which stems from the UPLOADFILENAME component failing to correctly validate the length size of the input data, and can be...