Tenda FH1201 Buffer Overflow Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 version 1.2.0.14408 suffers from a buffer overflow vulnerability that originates from the page parameter of the /goform/SafeMacFilter file failing to correctly validate the length of the input data, which can be exploited by...

Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-15721)

Tenda AC6 is a dual-band wireless router from Tenda. Tenda AC6 suffers from a buffer overflow vulnerability that originates from the failure of the schedStartTime and schedEndTime parameters in the /goform/openSchedWifi endpoints to correctly validate the length size of the input data, and no...

SONY XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from a channel authentication bypass vulnerability that stems from improper implementation of Bluetooth ERTM channel communication, which can be exploited by an attacker to gain unauthorized access to the...

SONY XAV-AX8500 Bluetooth Incorrect Isolation Validation Bypass Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from an authentication bypass vulnerability that stems from an improperly implemented Bluetooth ACL-U link, which can be exploited by an attacker to gain unauthorized access to the system...

SONY XAV-AX8500 Heap Buffer Overflow Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from a heap buffer overflow vulnerability that stems from an improper implementation of the Bluetooth AVCTP protocol, which can be exploited by an attacker to execute arbitrary code...

SONY XAV-AX8500 Input Validation Error Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from an input validation error vulnerability that stems from an improper implementation of the Bluetooth SDP protocol resulting in an integer overflow, which can be exploited by an attacker to execute...

SONY XAV-AX8500 Heap Buffer Overflow Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from a heap buffer overflow vulnerability that stems from an improper implementation of the Bluetooth L2CAP protocol, which can be exploited by an attacker to execute arbitrary code...

SONY XAV-AX8500 Integer Overflow Vulnerability

The SONY XAV-AX8500 is a car AV receiver with enhanced features. The SONY XAV-AX8500 suffers from an integer overflow vulnerability that originates from improper Bluetooth packet handling resulting in an integer overflow that can be exploited by an attacker to execute arbitrary code...

WeGIA SQL Injection Vulnerability (CNVD-2025-17301)

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...

D-Link DIR-619L formdumpeasysetup stack overflow vulnerability

The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. A stack overflow vulnerability exists in the D-Link DIR-619L /goform/formdumpeasysetup, which originates from...

WordPress AI Image Lab - Free AI Image Generator plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AI Image Lab - Free AI Image Generator plugin, which stems from missing or incorrect validation of random...

WordPress Digital Marketing and Agency Templates Addons for Elementor plugin Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Digital Marketing and Agency Templates Addons for Elementor plugin, which stems from missing or incorrect nonc...

WordPress CubeWP Forms plugin authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization issue vulnerability exists in the WordPress CubeWP Forms plugin that stems from a lack of authorization and can be exploited by an attacker to configure incorre...

Schneider Electric Modicon Controllers Resource Management Error Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric France. A resource management error vulnerability exists in Schneider Electric Modicon Controllers, which arises from uncontrolled resource consumption and can be exploited...

TOTOLINK X15 /boafrm/formSysLog File Buffer Overflow Vulnerability

TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK X15 version 1.0.0-B20230714.1105, which originates from the parameter submit-url in the file /boafrm/formSysLog failing to correctly validate the length and size ...

Hostel Management system SQL Injection Vulnerability

Hostel Management System is a dormitory management system designed specifically for schools or organizations. Hostel Management system suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the studentrollno parameter in the...

Open5GS Buffer Overflow Vulnerability (CNVD-2025-18574)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that is caused by incorrect bounds checking in the ogspfcpsubnetadd function in the pfcp library. No detailed...

Schneider Electric Modicon Controllers Input Validation Error Vulnerability (CNVD-2025-15352)

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. An input validation error vulnerability exists in Schneider Electric Modicon Controllers that stems from improper input validation and can be exploited by an...

Apache CloudStack Information Disclosure Vulnerability (CNVD-2025-15706)

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from an information disclosure vulnerabilit...

Hostel Management System /login-hm.inc.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the Username parameter of the /includes/login-hm.inc.php file. An attacker can use this...

ASUS Armoury Crate Competitive Conditions Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a Competitive Condition Vulnerability, which stems from a check-use timing issue that can be exploited by an attacker to cause...

Nipah virus Testing Management System /bwdates-report-ds.php file SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the testtype parameter of the /bwdates-report-ds.php fil...

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-2025-17850)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

File Write Vulnerability in ModStartCMS of Xi'an Yan Yan Information Technology Co.

ModStartCMS is a modular content management system based on the Laravel framework. A file write vulnerability exists in ModStartCMS, which can be exploited by attackers to gain server privileges...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-2025-17836)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

Open5GS Buffer Overflow Vulnerability

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service...

Open5GS Denial of Service Vulnerability (CNVD-2025-18572)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to cause a denial of service...

Apache CloudStack Elevation of Privilege Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...

QNAP QHora Operating System Command Injection Vulnerability

The QNAP QHora is a router from the Taiwan, China-based company Qualicom Technology QNAP. QNAP QHora suffers from an operating system command injection vulnerability that stems from the application's failure to properly filter constructed command special characters, commands, etc. No details of t...

Apache CloudStack Authorization Issues Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...

Apache InLong Deserialization Vulnerability (CNVD-2025-15707)

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.13.0 to 2.1.0. The vulnerability stems from unsafe...

QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15403)

QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation, no details of the vulnerability are...

QNAP File Station 5 Code Issue Vulnerability

QNAP File Station 5 is a file management system from Taiwan, China-based QNAP Technology QNAP. A code issue vulnerability exists in QNAP File Station 5 that stems from a null pointer dereference, which can be exploited by an attacker to cause a denial of service...

QNAP File Station 5 Resource Management Error Vulnerability

QNAP File Station 5 is a file management system from Taiwan, China-based QNAP Technology QNAP. A resource management error vulnerability exists in QNAP File Station 5, which arises from an unrestricted resource allocation and can be exploited by an attacker to prevent other systems from accessing...

QNAP QHora Authorization Issues Vulnerability

The QNAP QHora is a router from the Taiwan, China-based company Qualicom Technology QNAP. QNAP QHora has an authorization issue vulnerability that stems from improper authentication, and no detailed vulnerability details are available at this time...

Nipah virus Testing Management System /registered-user-testing.php SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter testtype in the file...

SQL Injection Vulnerability in PbootCMS

PbootCMS is the new core and permanent open source free PHP enterprise web development and construction management system. PbootCMS SQL injection vulnerability , attackers can exploit the vulnerability to obtain sensitive database information...

Chat System confirm_password.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /user/confirmpassword.php. An attacker can exploit this vulnerability to execute illegal SQL...

Hostel Management System allocate_room.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchbox in the file /allocateroom.php. An attacker can exploit this...

Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15351)

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric, France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...

Apache NuttX Buffer Overflow Vulnerability (CNVD-2025-15708)

Apache NuttX is a real-time embedded operating system from the Apache Foundation. A buffer overflow vulnerability exists in Apache NuttX versions prior to 6.22 through 12.9.0, which stems from an application boundary error when handling untrusted input and can be exploited by an attacker to cause...

SAP Commerce Information Disclosure Vulnerability

SAP Commerce is a cloud-based e-commerce solution developed by SAP. An information disclosure vulnerability exists in SAP Commerce, which stems from the use of the deprecated X-FRAME-OPTIONS header to prevent clickjacking, and can be exploited by an attacker to disclose and tamper with sensitive...

SAP Manage Processing Rules Authorization Issues Vulnerability

SAP is enterprise applications, enterprise resource management applications, supply chain management applications, procurement applications, travel and expense management software. An authorization issue vulnerability exists in SAP Manage Processing Rules, which stems from insufficient...

SAP Business One Integration Framework Access Control Error Vulnerability

SAP Business One Integration Framework is an integration solution for growing organizations. An access control error vulnerability exists in SAP Business One Integration Framework, which stems from insufficient security settings checking, and can be exploited by an attacker to cause a bypass 403...

Red Hat Connectivity Link Information Disclosure Vulnerability

Red Hat Connectivity Link is a Kubernetes network connectivity management platform from Red Hat, USA. Red Hat Connectivity Link suffers from an information disclosure vulnerability that stems from improper key storage, which can be exploited by an attacker to cause information disclosure...

Red Hat Connectivity Link Resource Management Error Vulnerability

Red Hat Connectivity Link is a Kubernetes network connectivity management platform from Red Hat, USA. Red Hat Connectivity Link has a resource management error vulnerability that can be exploited by an attacker to cause the Authorino service to crash...

Red Hat Connectivity Link Resource Management Error Vulnerability

Red Hat Connectivity Link is a Kubernetes network connectivity management platform from Red Hat, USA. Red Hat Connectivity Link suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption by an application, which can be exploited by an attacker to caus...

QNAP File Station 5 Buffer Overflow Vulnerability

QNAP File Station 5 is a file management system from Taiwan, China-based QNAP Technology QNAP. QNAP File Station 5 suffers from a buffer overflow vulnerability that originates from an out-of-bounds read and can be exploited by an attacker to cause a data leak...

Schneider Electric Modicon Controllers Cross-Site Scripting Vulnerability (CNVD-2025-15353)

Schneider Electric Modicon Controllers are a series of Modicon series programmable logic controllers from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Modicon Controllers that originates from improper input neutralization during web page generation...