Netgear DGND3700 Information Disclosure Vulnerability
The Netgear DGND3700 is a modem router from NETGEAR. The Netgear DGND3700 suffers from an information disclosure vulnerability that originates from improper handling of the file /BRStop.html, which can be exploited by an attacker to cause information disclosure...
Planet FW-WGS-804HPT web_stp_globalSetting_post function buffer overflow vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the stpconfname parameter in the web_stp_globalSetting_post function failing to correctly validate the length and size of the input data...
Arbitrary File Read Vulnerability in PicHome of Beijing Qiaoqiao Times Network Technology Co.
PicHome is an image display portal, image search engine for the Ouatto document system. Beijing Qiaoqiao Times Network Technology Co., Ltd PicHome has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
SAP ERP HCM and SAP S/4HANA Authorization Issues Vulnerability
SAP ERP HCM and SAP S/4HANA are both products of SAP. SAP ERP HCM is an enterprise human resource management solution, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP ERP HCM and SAP S/4HANA have an authorization issue vulnerability that stems fro...
GNU Screen Arbitrary File Creation Vulnerability
GNU Screen is an application from the American GNU community. It provides multiple virtual terminals on one physical terminal. GNU Screen suffers from an arbitrary file creation vulnerability that stems from the logfile_reopen function not properly dropping privileges, no...
Ivanti Cloud Services Application Elevation of Privilege Vulnerability
The Ivanti Cloud Services Application (CSA) is a locally deployed virtual appliance designed to simplify and enhance the integration of Ivanti products with cloud services. An elevation of privilege vulnerability exists in Ivanti Cloud Services Application, which is derived from default credentials...
Ivanti Neurons for ITSM Authentication Bypass Vulnerability
Ivanti Neurons for ITSM is an automation platform for IT service management, based on artificial intelligence and machine learning technologies, designed to optimize the IT service delivery process and enhance user experience. An authentication bypass vulnerability exists in Ivanti Neurons for...
VMware Cloud Foundation Information Disclosure Vulnerability
VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. An information disclosure vulnerability exists in VMware Cloud Foundation, which can be...
AMD uProf Connection Point Vulnerability
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from a connection point vulnerability that can be exploited by attackers to cause arbitrary file deletion or disclosu...
Planet FW-WGS-804HPT web_acl_mgmt_Rules_Edit_postcontains function buffer overflow vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from China PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the failure of the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function to correctly validate the length and size...
Centreon has an unspecified vulnerability (CNVD-2025-24800)
Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as networks, systems and applications. Centreon suffers from a security vulnerability that can be exploited by attackers to cause elevation of...
SAP S4CORE Information Disclosure Vulnerability
SAP S4CORE is an application for managing procurement contracts from SAP. SAP S4CORE suffers from an information disclosure vulnerability that stems from a lack of authorization checks, which can be exploited by an attacker to cause information disclosure...
SAP NetWeaver Information Disclosure Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver, which can be exploited by an attacker to...
SAP Service Parts Management Authorization Issues Vulnerability
SAP Service Parts Management is an intelligent spare parts supply chain solution for after-sales service from SAP. An authorization issue vulnerability exists in SAP Service Parts Management, which stems from a lack of authorization checking. No details of the vulnerability are available at this...
Intel Data Center GPU Flex Series Access Control Error Vulnerability (CNVD-2025-21342)
Intel Data Center GPU Flex Series is Intel's high-performance GPU solution for data centers, mainly serving cloud gaming, AI visual inference, media processing and other scenarios. The Intel Data Center GPU Flex Series suffers from an Access Control Error vulnerability that stems from improper...
Intel Atom Processors Information Disclosure Vulnerability
Intel Atom Processors is Intel's family of low-power processors for edge computing and networking applications, designed for devices that focus on battery life and compact size rather than raw processing performance. Intel Atom Processors suffers from an information disclosure vulnerability that...
Intel Processors Denial of Service Vulnerability
Intel Processors is a family of processors produced by Intel Corporation, covering a wide range of laptop, desktop, workstation, and server applications, providing basic to professional-level performance support. A denial of service vulnerability exists in Intel Processors, which stems from an...
Netgear DGND3700 Improper Authentication Vulnerability
The Netgear DGND3700 is a dual-band Gigabit wireless DSL router manufactured by NETGEAR and is primarily used for home and SMB network connections. The Netgear DGND3700 suffers from an improper authentication vulnerability that originates in an unknown portion of Basic Authentication's file...
JetBrains TeamCity Input Validation Error Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an input validatio...
Campcodes Sales and Inventory System SQL Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the mishandling of the ID parameter in the file /pages/transactionupdate.php. No details of the vulnerability a...
CampCodes Sales and Inventory System SQL Injection Vulnerability
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. CampCodes Sales and Inventory System suffers from a SQL injection vulnerability that stems from the improper handling of the cid parameter in the file /pages/payment.php. No details of the vulnerability are...
WAVLINK WL-WN579A3 /cgi-bin/firewall.cgi Command Injection Vulnerability
WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. The WAVLINK WL-WN579A3 suffers from a command injection vulnerability that originates from unfiltered input in the /cgi-bin/firewall.cgi component, which can be exploited by an attacker to submit a special...
WAVLINK WL-WN579A3 /cgi-bin/adm.cgi Command Injection Vulnerability
WAVLINK WL-WN579A3 is a high performance dual-band wireless card from China RuiYin WAVLINK. A command injection vulnerability exists in WAVLINK WL-WN579A3 /cgi-bin/adm.cgi, which can be exploited by an attacker to submit a special request and execute arbitrary commands...
Google Chrome Information Disclosure Vulnerability (CNVD-2025-11248)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an information disclosure vulnerability. No details of the vulnerability are provided at this time...
Google Chrome Resource Management Error Vulnerability (CNVD-2025-11249)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a Resource Management Error vulnerability that originates from a use-after-free, which can be exploited by an attacker to submit a special Web request and trick the user into parsing it to execute arbitrary code...
Arbitrary File Read Vulnerability in SSL VPN of Beijing NetGuard Nebula Information Technology Co.
Beijing NetGuard Nebula Information Technology Co., Ltd. is a leading enterprise in the domestic information security industry, specializing in the research, development, production and sales of information security products. Beijing NetGuard Nebula Information Technology Co., Ltd. NetGuard Nebula-SSL-VPN...
Shenzhen Lanling Software Co., Ltd. Business Operation Cloud SQL Injection Vulnerability
Shenzhen Lanling Software Co., Ltd. is a well-known large platform OA service provider and a leading provider of intelligent knowledge and "AI+Collaboration" solutions in China. There is a SQL injection vulnerability in the business operation cloud of Shenzhen Lanling Software Co., Ltd., which c...
XML Entity Injection Vulnerability in UFIDA U8Cloud at UFIDA Network Technologies Co.
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. An XML entity injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive information...
Cisco Identity Services Web Interface Cross-Site Scripting Vulnerability
Cisco Identity Services Engine is an identity-centric solution designed to provide comprehensive identity and access management (IAM) capabilities. A cross-site scripting vulnerability exists in the Cisco Identity Services web interface, which can be exploited by remote attackers to inject maliciou...
Google Chrome Security Bypass Vulnerability (CNVD-2025-10924)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability due to an improper implementation in the FileSystemAccess API, which can be exploited by an attacker to perform user interface spoofing via specially crafted HTML pages...
JetBrains TeamCity Jira Integration Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. JetBrains TeamCity suffers from a cross-site scripting vulnerability that originates in the Jira integration and can be exploited by an attacker to inject malicious scrip...
JetBrains TeamCity GitHub Checks Webhook Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. JetBrains TeamCity suffers from a cross-site scripting vulnerability that originates in the GitHub Checks Webhook, which can be exploited by an attacker to inject malicio...
JetBrains TeamCity YouTrack Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. JetBrains TeamCity suffers from a cross-site scripting vulnerability, which originates in the YouTrack integration, that can be exploited by an attacker to inject malicio...
Delta Electronics CNCSoft-G2 Buffer Overflow Vulnerability (CNVD-2025-12364)
Delta Electronics CNCSoft-G2 is human-machine interface (HMI) software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a buffer overflow vulnerability that originates from insufficient validation of user-supplied data lengths, which can be exploited by an attacker to...
Fuji Electric V-SFT Buffer Overflow Vulnerability (CNVD-2025-12951)
Fuji Electric V-SFT is a screen configuration software from Fuji Electric Japan. Fuji Electric V-SFT suffers from a buffer overflow vulnerability that originates in the settemptypedefault function in VS6MemInIF, which can be exploited by an attacker to cause a crash, information disclosure, and...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co.
Beijing Divine Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
IBM Aspera Faspex Unauthorized Access Vulnerability
IBM Aspera Faspex is a centralized file transfer solution designed to enable file exchange between users through an email-like workflow. An unauthorized access vulnerability exists in IBM Aspera Faspex. The vulnerability is due to client-side enforcement of server-side security mechanisms and can...
Tenda FH451 Stack Buffer Overflow Vulnerability
The Tenda FH451 is a 450Mbps home wireless router from Tenda. A stack buffer overflow vulnerability exists in the Tenda FH451. The vulnerability originates in the webExcptypemanFilter function in the /goform/webExcptypemanFilter file. An attacker can exploit this vulnerability to execute code...
SQL Injection Vulnerability in UFIDA U8+CRM at UFIDA Network Technology Co.
UFIDA U8+CRM is a management software designed specifically for the agency sales and service industry that integrates CRM, call center, and OA core applications and provides integrated applications for front-end marketing, back-end business processing, and employee management. A SQL injection...
Netgear DGND3700 Information Disclosure Vulnerability
The Netgear DGND3700 is an integrated, multi-functional wireless router for home and small office environments. An information disclosure vulnerability exists in the Netgear DGND3700. The vulnerability originates from unknown code in the minihttp component file /currentsetting.htm. An attacker ca...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14495)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server due to an unknown function in the component PROMPT command handler. No further details of the vulnerability are provided at this time...
D-Link DI-8100 Command Injection Vulnerability
The D-Link DI-8100 is a broadband router from D-Link designed for small to medium sized network environments. A command injection vulnerability exists in the D-Link DI-8100. The vulnerability stems from the logic code's lax input filtering, which can be exploited by an attacker to gain highest...
D-Link DAP-2695 /adv_macbypass.php file cross-site scripting vulnerability
The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DAP-2695, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter fmac in the file...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14505)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the failure of the component RECV Command Handler to properly validate the length of input data. No details of the vulnerability are provided at this time...
Tenda AC7 /goform/setMacFilterCfg File Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. Tenda AC7 suffers from a buffer overflow vulnerability, which originates from the parameter deviceList in the file /goform/setMacFilterCfg that fails to correctly validate the length of the input data, and can be exploited by an attack...
TOTOLINK A3002R Cross Site Scripting Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter Comment in the component VPN Page, for which no...
IceWarp Mail Server Cross-Site Scripting Vulnerability
IceWarp Mail Server is a mail server product from the Czech company IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in IceWarp Mail Server, which stems from the application's lack of effectiv...
D-Link DI-7003GV2 Information Disclosure Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability, which stems from the file /index.data being insufficiently protected for sensitive information, and can be exploited by an attacker to cause information...
D-Link DI-7003GV2 /login.data File Information Disclosure Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates from improper access control in the file /login.data, which can be exploited by an attacker to cause information disclosure...
D-Link DI-7003GV2 /install_base.data File Information Disclosure Vulnerability
The D-Link DI-7003GV2 is a router from China-based AUO D-Link. The D-Link DI-7003GV2 suffers from an information disclosure vulnerability that originates from improper access control in the file /install_base.data, which can be exploited by an attacker to cause information disclosure...