NETGEAR EX3700 Stack Buffer Overflow Vulnerability
The NETGEAR EX3700 is a dual-band wireless accessor with a maximum transmission rate of 750Mbps. The NETGEAR EX3700 suffers from a stack buffer overflow vulnerability that stems from the lack of proper validation of user-supplied data in the function sub41619C in file/mtd, which can be exploited ...
QNAP License Center Cross-Site Scripting Vulnerability
QNAP License Center is a certificate center of Qualicom Technology QNAP Inc. in Taiwan, China. QNAP License Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data. An attacker could exploit this...
QNAP File Station 5 Trust Management Issues Vulnerability
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. A trust management issue vulnerability exists in QNAP File Station 5, which stems from improper certificate validation, and can be exploited by an attacker to...
QNAP File Station 5 Code Issue Vulnerability (CNVD-2025-14209)
QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. A code issue vulnerability exists in QNAP File Station 5 that stems from a null pointer dereference, which can be exploited by an attacker to cause a denial of service...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...
QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15265)
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation. No details of the vulnerability are...
QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15404)
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation. No details of the vulnerability are...
QNAP File Station 5 Path Traversal Vulnerability
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. A path traversal vulnerability exists in QNAP File Station 5, which stems from the program failing to properly filter special elements in the path of a resource...
QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15402)
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. A trust management issue vulnerability exists in QNAP File Station 5, which stems from improper certificate validation, and can be exploited by an attacker to...
QNAP File Station 5 Code Issue Vulnerability (CNVD-2025-14210)
QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. A code issue vulnerability exists in QNAP File Station 5 that stems from a null pointer dereference, which can be exploited by an attacker to cause a denial of service...
QNAP File Station 5 Code Issue Vulnerability (CNVD-2025-14211)
QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. A code issue vulnerability exists in QNAP File Station 5 that stems from a null pointer dereference, which can be exploited by an attacker to cause a denial of service...
Unspecified Vulnerability in QNAP File Station 5
QNAP File Station 5 is a file management system from QNAP Technology (QNAP), based in Taiwan, China. A security vulnerability exists in QNAP File Station 5, which stems from an unrestricted resource allocation and can be exploited by an attacker to cause resource exhaustion...
QNAP File Station 5 Trust Management Issues Vulnerability (CNVD-2025-15406)
QNAP File Station 5 is a file management system launched by Weilian Technology, which is mainly used for file management of NAS devices. QNAP File Station 5 suffers from a trust management issue vulnerability that stems from improper certificate validation. No details of the vulnerability are...
Apache CloudStack elevation of privilege vulnerability (CNVD-2025-20874)
Apache CloudStack is an Infrastructure as a Service (IaaS) cloud computing platform from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...
SQL Injection Vulnerability in Beijing Jiushi Synergy Software Co., Ltd.'s Jiushi Synergy Office System (CNVD-2025-17671)
Nine Si Collaborative Office System is an organization management software for state-owned enterprises, government, enterprises and institutions independently developed by Beijing Nine Si Collaborative Software Co. Beijing Jiushi Collaboration Software Co., Ltd Jiushi Collaboration Office System...
Logic Flaw Vulnerability in Firewall of Zhongke Shenwei Information Technology Co., Ltd.
Zhongke Shenwei Information Technology Co., Ltd. is an enterprise specializing in network security technology research, network security products, independent controllable Xinchuang software and hardware products development, production, sales and service. A logic flaw vulnerability exists in the CCTV firewall, which can be exploited ...
D-Link DIR-665 Buffer Overflow Vulnerability
The D-Link DIR-665 is a high-performance wireless router and one of D-Link's flagship products. A buffer overflow vulnerability exists in the D-Link DIR-665. The vulnerability stems from a stack buffer overflow in the function subAC78 in the HTTP POST Request Handler component, which can be...
TOTOLINK EX1200T Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK EX1200T version 4.1.2cu.5232B20210713. The vulnerability arises due to an error in some unknown process in the file /boafrm/formStats in the HTTP POST...
Mattermost Improper Access Restriction Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access restriction vulnerability. The vulnerability arises due to improperly set API access rights. An attacker could use this vulnerability to gain unauthorized...
Nipah Virus Testing Management System patient-report.php File SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that arises from insufficient filtering of the searchdata parameter in the patient-report.php file. An attacker can exploit this...
TOTOLINK EX1200T Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a wireless router from TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK EX1200T version 4.1.2cu.5232B20210713. The vulnerability arises due to improper handling of the submit-url parameter of file /boafrm/formWirelessTbl in the HTTP POST request handling...
Patient Record Management System urinalysis_record.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from improper handling of the parameter itrno in the /urinalysisrecord.php file. The vulnerability can be exploited by an attacker to...
BP Monitoring Management System registration.php file SQL Injection Vulnerability
BP Monitoring Management System is a bp monitoring management system. BP Monitoring Management System suffers from a SQL injection vulnerability that originates from improper filtering of the emailid parameter in the registration.php file. An attacker can exploit this vulnerability by manipulatin...
TOTOLINK EX1200T Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. A buffer overflow vulnerability exists in the TOTOLINK EX1200T version 4.1.2cu.5232B20210713. The vulnerability arises due to a flaw in the handling of the submit-url...
Nipah Virus Testing Management System Cross-Site Scripting Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. A cross-site scripting vulnerability exists in the Nipah Virus Testing Management System due to improper handling of the serachdata parameter in the /search-report.php file. An attacker could use this vulnerability to...
Rail Pass Management System /contact.php file cross-site scripting vulnerability
Rail Pass Management System is a rail pass management system. A cross-site scripting vulnerability exists in Rail Pass Management System due to improper handling of the parameter Name in the /contact.php file. The vulnerability can be exploited by an attacker to execute malicious scripts on an...
Open5GS Denial of Service Vulnerability (CNVD-2025-18575)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. Open5GS suffers from a denial of service vulnerability that can be exploited by an attacker to cause a crash caused by the AMF in commonregisterstate...
Google ChromeOS Permission Issues Vulnerability
Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...
Tenda FH1205 Buffer Overflow Vulnerability
The Tenda FH1205 is a dual-band wireless router for home users with a high price/performance ratio and stable network performance. A buffer overflow vulnerability exists in the Tenda FH1205 version 2.0.0.7. The vulnerability affects the fromadvsetlanip function in the /goform/AdvSetLanip file, an...
Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)
The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from a path traversal vulnerability that stems from improperly restricted pathnames, which can be exploited by an attacker to cause arbitrary...
Schneider Electric EVLink WallBox Path Traversal Vulnerability
The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from a path traversal vulnerability that stems from improperly restricted pathnames, which can be exploited by an attacker to cause arbitrary...
Schneider Electric EVLink WallBox Operating System Command Injection Vulnerability
The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. The Schneider Electric EVLink WallBox suffers from an operating system command injection vulnerability that originates from improper neutralization of special elements in OS commands, whic...
Schneider Electric EVLink WallBox Cross-Site Scripting Vulnerability
The Schneider Electric EVLink WallBox is a home charging station from the French company Schneider Electric. A cross-site scripting vulnerability exists in the Schneider Electric EVLink WallBox that stems from improper input neutralization during web page generation. No details of the vulnerabili...
Rail Pass Management System /admin/aboutus.php file cross-site scripting vulnerability
Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a cross-site scripting vulnerability that occurs due to unfiltered pagedes parameters of an unknown function in the /admin/aboutus.php file. The vulnerability can be exploited by an attacker...
Information Disclosure Vulnerability in Various ABB Products (CNVD-2025-13766)
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Tenda AC6 /goform/SetRebootTimer File Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.05.16, which originates from the parameter rebootTime in the file /goform/SetRebootTimer that fails to correctly validate the length and size of the input data, and...
Microsoft Word Code Execution Vulnerability (CNVD-2025-17473)
Microsoft Word is the word processing software in the Office suite from the U.S. company Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...
Wyse Management Suite WMS Improper Authorization Vulnerability
Wyse Management Suite WMS is a combined cloud and local management platform from Dell. An improper authorization vulnerability exists in Wyse Management Suite WMS, which can be exploited by an attacker to cause unauthorized access...
Unspecified Vulnerability in D-Link DI-8100
The D-Link DI-8100 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A security vulnerability exists in the D-Link DI-8100 that stems from administrator login authentication bypass. No detailed vulnerability details are available at this...
WordPress MapSVG Cross-Site Scripting Vulnerability
WordPress MapSVG is a powerful WordPress map plugin that not only supports the creation of interactive maps, but also offers a wide range of customization and integration features. A cross-site scripting vulnerability exists in WordPress MapSVG, which stems from insufficient input cleanup and...
WordPress Hot Random Image Cross-Site Scripting Vulnerability
WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...
WordPress Affiliate Sales in Google Analytics and other tools Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An input validation error vulnerability exists in WordPress Affiliate Sales in Google Analytics and other tools, which stems from insufficient validation of the redirect URL...
WordPress Raisely Donation Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Raisely Donation Form, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...
WordPress Animated Buttons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Animated Buttons, which stems from insufficient cleanup and escaping of user-supplied attribute inputs in the...
TOTOLINK EX1200T formReflashClientTbl Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability that originates in the file /boafrm/formReflashClientTbl in the HTTP POST Request Handler component, which can be exploited by an attacker to execute...
WordPress MC Woocommerce Wishlist plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress MC Woocommerce Wishlist plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
WordPress Krowd plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Krowd plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...
WordPress Inset plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Inset plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...
WordPress inprosysmedia-likes-dislikes-post plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress inprosysmedia-likes-dislikes-post plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL...
WordPress Grill and Chow plugin path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress Grill and Chow plugin that stems from not doing effective filtering of local file resource calls, which can be exploited b...