Cisco ThousandEyes Endpoint Agent Path Traversal Vulnerability
Cisco ThousandEyes Endpoint Agent is an endpoint agent program from Cisco USA. A path traversal vulnerability exists in Cisco ThousandEyes Endpoint Agent, which can be exploited by an attacker to cause the deletion of an arbitrary file, due to a failure of the program to properly filter for...
Samsung Internet ClientProvider Authorization Issues Vulnerability
Samsung Internet is a web browser from Samsung. Samsung Internet suffers from an authorization issue vulnerability that stems from mishandling of ClientProvider privilege insufficiency, which can be exploited by an attacker to read or write arbitrary files...
Online Fire Reporting System /search-report-result.php File SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter serachdata in the file /search-report-result.php. An attacker c...
Notice Board System search-notice.php File SQL Injection Vulnerability
Notice Board System is a bulletin board system. The Notice Board System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /search-notice.php. An attacker can exploit this vulnerability to...
IBM Application Gateway Incorrect Privilege Assignment Vulnerability
IBM Application Gateway is an application gateway from International Business Machines IBM, Inc. It provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An incorrect...
TOTOLINK X15 Command Injection Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a command injection vulnerability that stems from the parameter deviceMacAddr failing to properly filter special characters, commands, and other elements used to construct commands. No detailed...
Tenda RX3 Buffer Overflow Vulnerability
Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. A buffer overflow vulnerability exists in Tenda RX3 version 16.03.13.11multiTDE01, which originates from the parameter list in the file...
WordPress WP Info Card plugin cross-site scripting vulnerability
WordPress WP Info Card plugin is a plugin for displaying plugin and theme information in your WordPress website. The WordPress WP Info Card plugin suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and output escaping, which can be exploited by an attacke...
Daily Expense Tracker System /expense-reports-detailed.php File SQL Injection Vulnerability
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in the parameter fromdate/todate in the file...
D-Link DIR-816 /goform/form2lansetup.cgi file buffer overflow vulnerability
The D-Link DIR-816 is a wireless router from China's AUO D-Link. The D-Link DIR-816 suffers from a buffer overflow vulnerability that stems from the file /goform/form2lansetup.cgi parameter ip failing to properly validate the length and size of the input data, which can be exploited by an attacke...
WordPress Ninja Tables plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Ninja Tables plugin has a code issue vulnerability that stems from deserialization of untrusted input in the argscallback parameter; an attacker can use thi...
WordPress WP User Frontend Pro plugin path traversal vulnerability
WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a path traversal vulnerability that stems from insufficient file path validation in the deleteavatarajax function. ...
WordPress WP User Frontend Pro plugin code issue vulnerability
WordPress WP User Frontend Pro plugin is a WordPress front-end user center plugin that provides powerful front-end administration features. WordPress WP User Frontend Pro plugin has a code issue vulnerability that stems from the lack of file type validation in the uploadfiles...
Cisco Nexus Dashboard Fabric Controller Trust Management Issues Vulnerability
The Cisco Nexus Dashboard Fabric Controller is a comprehensive network management platform from Cisco for managing Cisco NX-OS deployments for LAN, SAN, and IP Fabric for Media (IPFM) networks in data centers. A trust management issue vulnerability exists in Cisco Nexus Dashboard Fabric Controller...
X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.
The X2000R is a wireless router from China's Gion Electronics TOTOLINK. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...
WordPress FancyBox plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress FancyBox plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
WordPress File Provider plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress File Provider plugin suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF checks. An attacker could use this vulnerability to all...
Tenda CH22 Buffer Overflow Vulnerability
Tenda CH22 is a network device from Tenda, China. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the parameter page in the file /goform/Natlimit that fails to properly validate the length of the input data, which can be exploited by an attacker to execute arbitra...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14375)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the SYSTEM Command Handler component failing to properly validate the length and size of input data. No details of the vulnerability are provided at this time...
Dairy Farm Shop Management System /add-product.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement for the parameter productname in the file...
TOTOLINK X2000R peerRptPin parameter command injection vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from the parameter peerRptPin failing to properly filter special characters, commands, and other elements used to construct commands. No details of the...
Tenda AC18 /goform/AdvSetLanip Handling lanMask Parameter Buffer Overflow Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda AC18 /goform/AdvSetLanip handling lanMask parameter, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the application...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15523)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.2 suffers from a security vulnerability. No details of the vulnerability are provided at this time...
QNAP QTS and QNAP QuTS hero command injection vulnerabilities
QNAP QTS is a Linux-based NAS operating system launched by QNAP, providing an intuitive and easy-to-use graphical interface and powerful data management features. QNAP QuTS hero is an operating system launched by QNAP specifically for enterprise-level applications, adopting the ZFS file system,...
TOTOLINK X2000R devicemac1 Command Injection Vulnerability
TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter devicemac1. No details of the vulnerability are provided at this time...
Tenda CP3 Command Injection Vulnerability
Tenda CP3 is a smart camera from Tenda, a Chinese company. A command injection vulnerability exists in Tenda CP3 version 11.10.00.2311090948, which stems from the failure of the function subF3C8C in the file apollo to properly filter special characters, commands, and other elements used to construct commands. A...
Tenda AC18 /goform/SetIPTVCfg Command Injection Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter list in the file /goform/SetIPTVCfg. No details of the vulnerability are available at this time...
Tenda AC15 /goform/setPptpUserList file buffer overflow vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 suffers from a buffer overflow vulnerability, which originates from the parameter list in the file /goform/setPptpUserList that fails to correctly validate the length of the input data, which can be exploited by an...
Tenda AC15 Buffer Overflow Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 suffers from a buffer overflow vulnerability, which originates from the parameter lanMask in the file /goform/AdvSetLanip that fails to correctly validate the length and size of the input data, which can be exploited b...
Tenda AC18 /goform/setPptpUserList Buffer Overflow Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from a misuse of the parameter list in the file /goform/setPptpUserList, which can be exploited by an attacker to submit a special request and execute arbitrary...
Human Metapneumovirus Testing Management System /registered-user-testing.php File SQL Injection Vulnerability
Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter...
Laundry System Cross-Site Request Forgery Vulnerability
Laundry System is a laundry system. The Laundry System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this vulnerability to spoof a malicious reque...
Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. The Traffic Offense Reporting System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker cou...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15553)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 suffers from a security vulnerability. No details of the vulnerability are provided at this time...
Employee Record Management System /admin/adminprofile.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter AdminName in the file /admin/adminprofile.php. ...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-319811)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15524)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 suffers from a security vulnerability. No details of the vulnerability are provided at this time...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15522)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS version 5.0.0, which can be exploited by an attacker to cause certain exception types to go uncaught...
Huawei HarmonyOS Deserialization Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a deserialization vulnerability, which arises from unsafe deserialization of serialized data received by an application from a...
QNAP QTS and QNAP QuTS hero buffer overflow vulnerability
QNAP QTS is a Linux-based NAS operating system launched by QNAP, providing an intuitive and easy-to-use graphical interface and powerful data management features. QNAP QuTS hero is an operating system launched by QNAP specifically for enterprise-level applications, adopting the ZFS file system,...
Tenda AC8 /goform/WifiExtraSet File Buffer Overflow Vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. Tenda AC8 suffers from a buffer overflow vulnerability, which originates from the parameter wpapskcrypto in the file /goform/WifiExtraSet that fails to correctly validate the length and size of the input data, which can be exploited by...
Tenda AC9 /goform/AdvSetLanip File Buffer Overflow Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC9 version 15.03.02.13, which originates from the parameter lanMask in the file /goform/AdvSetLanip that fails to correctly validate the length of the input data, and can be exploited by...
Employee Record Management System /admin/allemployees.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/allemployees.php. An...
Tenda AC18 /goform/SetSysAutoRebbotCfg Buffer Overflow Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from a misuse of the parameter rebootTime in the file /goform/SetSysAutoRebbotCfg, which can be exploited by an attacker to submit a special request and execute...
TOTOLINK N302R Plus service_type parameter buffer overflow vulnerability
The TOTOLINK N300R Plus is a wireless router. The TOTOLINK N302R Plus buffer overflow vulnerability, which stems from a misuse of the parameter service_type, can be exploited by an attacker to execute arbitrary code...
TOTOLINK N302R Plus url parameter buffer overflow vulnerability
The TOTOLINK N300R Plus is a wireless router. The TOTOLINK N302R Plus buffer overflow vulnerability, which stems from a misuse of the parameter url, can be exploited by an attacker to execute arbitrary code...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-155555)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS version 5.0.0, which can be exploited by attackers to compromise service confidentiality...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15525)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS version 5.0.0, which can be exploited by attackers to affect availability...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15554)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 suffers from a security vulnerability. No details of the vulnerability are provided at this time...
Tenda AC9 Command Injection Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a command injection vulnerability that stems from the parameter list in the file /goform/SetIPTVCfg failing to properly filter special characters, commands, and other elements used to construct commands. No details of the...