FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20787)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input during data reception. No detailed vulnerability...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20786)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by improper validation of user-supplied input in the session POST dataset. No detailed vulnerability...
Tenable Network Monitor Elevation of Privilege Vulnerability
Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Inc. in the United States, mainly used for network vulnerability scanning and security assessment. Tenable Network Monitor suffers from an elevation of privilege vulnerability, which stems from improperly...
Mattermost Improper Access Control Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an improper access control vulnerability that stems from a failure to properly enforce access control, which can be exploited by an attacker to view metadata about members of a public...
Medical Card Generation System HTML Injection Vulnerability
Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...
Tenable Network Monitor Elevation of Privilege Vulnerability
Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Holdings, Inc. in the United States, mainly used for security assessment of network devices. Tenable Network Monitor suffers from an elevation of privilege vulnerability that originates from a...
FreeScout Security Bypass Vulnerability (CNVD-2025-20798)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by improper input validation of the laravel translation manager package. An attacker can exploit the...
FreeScout Security Bypass Vulnerability (CNVD-2025-20784)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability, which is due to a race condition flaw. An attacker could exploit the vulnerability to perform concurrent...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20778)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from not filtering the payload when creating translated phrases. No details of the vulnerability are...
Online Shopping Portal Project category.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Product in the file /category.php. An attacker can explo...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an Access Control Error vulnerability that stems from improper access control restrictions and can be exploited by an attacker to cause information disclosure...
Mattermost has an unspecified vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from improperly invalidated personal access tokens, which can be exploited by an attacker to maintain full system access...
FreeScout Security Bypass Vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...
News Portal /forgot-password.php File SQL Injection Vulnerability
News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /admin/forgot-password.php. An attacker can exploit this vulnerability to execute illegal SQL...
FreeScout Security Bypass Vulnerability (CNVD-2025-20796)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by incorrect configuration of the root folder of the object Storage. An attacker could exploit the...
Roundcube Webmail Deserialization Vulnerability
Roundcube Webmail is a browser-based, open source, multi-language IMAP client developed with PHP and Ajax that provides a desktop application-like interface and complete mail management features. Roundcube Webmail has a deserialization vulnerability; the vulnerability stems from the...
Mattermost Unauthorized Access Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an unauthorized access vulnerability that stems from improper cleaning of Google OAuth credentials, which can be exploited by an attacker to cause unauthorized access...
D-Link DIR-816 Router Stack Buffer Overflow Vulnerability
The D-Link DIR-816 is a wireless router for homes and small offices (SOHO) that supports dual-band 2.4GHz and 5GHz wireless networking. A stack buffer overflow vulnerability exists in the D-Link DIR-816. The vulnerability stems from the incorrect operation of the parameter dipaddress/sipaddress in...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14382)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the failure of the component PWD Command Handler to properly validate the length of input data. No details of the vulnerability are provided at this time...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14381)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server that stems from the failure of the component BYE Command Handler to properly validate the length of input data. No details of the vulnerability are provided at this time...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20799)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in email signatures. No detailed vulnerability...
FreeScout Security Bypass Vulnerability (CNVD-2025-20780)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability caused by a failure to check for missing password fields in data from users. An attacker could exploit the...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20797)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by an arbitrary client profile that improperly validates user-supplied input. No detailed...
FreeScout Cross-Site Scripting Vulnerability
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that stems from a lack of input validation and cleanup in the Session::flash function. No details of the...
FreeScout Security Bypass Vulnerability (CNVD-2025-20783)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is due to a logical flaw in the application's allow access feature. An attacker can exploit the vulnerability to...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20785)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in an uploaded HTML file. No detailed vulnerability...
Online Birth Certificate System users-applications.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System has a SQL injection vulnerability that originates from an incorrect manipulation of the parameter userid in the file /admin/users-applications.php resulting in SQL injection. No details of the...
FreeScout Information Disclosure Vulnerability
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from an information disclosure vulnerability that is caused by a logic flaw in the fill method. An attacker could exploit the vulnerability to obtain...
FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20795)
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in the lastname and firstname profile data. No...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2025-12569)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...
IBM Planning Analytics Local Code Issue Vulnerability
IBM Planning Analytics Local is a web-based local architecture from International Business Machines (IBM). A code issue vulnerability exists in IBM Planning Analytics Local versions 2.0 and 2.1, which stems from a failure to disable a session after logging out, and can be exploited by an attacker t...
Online Birth Certificate System /registered-users.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/registered-users.php. An...
Google Chrome memory misreference vulnerability (CNVD-2025-12379)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to a use-after-free in Blink. An attacker can exploit the vulnerability to execute arbitrary code on the system...
TOTOLINK X15 Router Stack Buffer Overflow Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a stack buffer overflow vulnerability. The vulnerability originates from the /boafrm/formMapReboot file, which does not perform strict length checking and boundary handling of input...
Wireshark Denial of Service Vulnerability (CNVD-2025-30216)
Wireshark is a very popular network packet analyzer that intercepts various network packets and displays packet details. A denial of service vulnerability exists in Wireshark. The vulnerability exists in Wireshark's column processing feature. When Wireshark attempts to process network packets or...
Weak Password Vulnerability in Monitoring System of Kehua Data Co.
The main business of Kehua Data Co., Ltd. covers data center, high-end power supply and new energy, serving customers in more than 100 countries and regions around the world. A weak password vulnerability exists in the monitoring system of Kehua Data Corporation, which can be exploited by attacke...
Command Execution Vulnerability in Net Video System of Tiandiwei Technology Co.
Net Video System network video system is a video processing and transmission system based on computer network technology, mainly used for real-time monitoring, video storage and remote communication. A command execution vulnerability exists in the Net Video System of Tiandiwei Technology Limited,...
Information Disclosure Vulnerability in Tenda Wireless Router of Shenzhen Jixiang Tenda Technology Co.
Tenda Wireless Router is a brand of network equipment focused on providing stable, easy-to-use wireless router solutions. The Tenda Wireless Router of Shenzhen Jixiang Tenda Technology Co., Ltd. suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive...
SQL Injection Vulnerability in DSS Digital Surveillance System of Zhejiang Dahua Technology Co.
DSS Digital Surveillance System is a security video surveillance system with real-time monitoring, PTZ operation, video playback, alarm processing, device management and other functions. DSS Digital Surveillance System of Zhejiang Dahua Technology Co., Ltd. suffers from SQL injection vulnerabilit...
Command Execution Vulnerability in SecFox Operations and Maintenance Security Management and Audit System of Chianxin Technology Group Co.
SecFox O&M Security Management and Audit System is an O&M security management solution that integrates authentication, account management, privilege control, and O&M audit, providing unified O&M authentication, fine-grained privilege control, real-time supervision, and after-the-fact traceability...
Binary Vulnerability in Unisys UOS Desktop Professional Edition by Unisys Software Technology Co.
Unisys UOS Desktop Professional Edition is a commercial desktop operating system based on the Linux kernel, which supports all CPU architectures including AMD64, ARM64, LoongArch64, SW64 and other mainstream architectures, and is suitable for domestic CPU platforms (e.g., Haikuang, Zhaoshen, etc.). The...
Command Execution Vulnerability in Brother Technology Corporation HL-L2360D series
The HL-L2360D series is a line of compact monochrome laser printers, with key models such as the HL-L2360DW. A command execution vulnerability exists in the Brother Technology Corporation HL-L2360D series, which can be exploited by an attacker to execute commands...
Hospital Management System In PHP Code Execution Vulnerability
Hospital Management System In PHP is a PHP and MySQL based hospital management system. A code execution vulnerability exists in Hospital Management System In PHP, which originates in the hms/doctor/edit-profile.php file and could lead to the execution of arbitrary code. No details of the vulnerabilit...
Command Execution Vulnerability in Panabit Log Audit System of Beijing Paiwang Software Co.
Beijing PaiNet Software Co., Ltd. is a technology company focusing on providing network application layer solutions for the government and enterprise industries. A command execution vulnerability exists in the panabit log auditing system of Beijing Pai Networks Software Co. Ltd, which can be...
Command Execution Vulnerability in Cube OCS Management System of Hangzhou Cube Holding Co.
Cube OCS Management System is an access control management platform, mainly used for enterprise production management and access control scenarios. A command execution vulnerability exists in the Cube OCS Management System of Hangzhou Cube Holding Company Limited, which can be exploited by an...
Information Leakage Vulnerability in Red Sea Cloud eHr of Guangzhou Red Sea Cloud Computing Company Limited
Redhaven eHR is a digital human resource management solution launched by Redhaven, focusing on providing state-owned enterprises and large-scale enterprises with systematic and precise services for optimizing salary distribution and incentive system. Guangzhou Red Sea Cloud Computing Co. Red Sea...
Google Chrome Security Bypass Vulnerability (CNVD-2025-15180)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2025-15181)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
Google Chrome Out-of-Bounds Read/Write Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an out-of-bounds read/write vulnerability that stems from an out-of-bounds read/write issue in the V8 engine, which can be exploited by an attacker to trigger the vulnerability via a malicious web page, bypassing t...
Microsoft Edge (Chromium-based) Update elevation of privilege vulnerability (CNVD-2025-23057)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based Update, which is caused by improper link resolution before file access. An attacker could exploit the...