IBM Sterling Partner Engagement Manager Improper Key Storage Vulnerability
IBM Sterling Partner Engagement Manager is an automated management tool from International Business Machines (IBM). IBM Sterling Partner Engagement Manager suffers from an improper key storage vulnerability that stems from improper JWT key storage. An attacker could exploit the vulnerability to cau...
IBM i Trust Management Issues Vulnerabilities
IBM i is a suite of operating systems from International Business Machines (IBM) that runs on IBM Power Systems and IBM PureSystems. IBM i is affected by a trust management vulnerability that stems from improper handling of IBM i Netserver authentication. No details of the vulnerability are...
WAVLINK WL-WN530H4 Command Injection Vulnerability
WAVLINK WL-WN530H4 is a high-performance USB wireless card from China RuiYin WAVLINK that supports 802.11ac dual-band Wi-Fi. WAVLINK WL-WN530H4 suffers from a command injection vulnerability, which originates from the failure of the pingtest function in adm.cgi to correctly filter pingIp paramete...
TOTOLINK CA600-PoE msg_process function Url parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the Url parameter of the msg_process function failing to properly filter special characters, commands, etc. used to construct commands. No...
TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function url parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the url parameter of the CloudSrvUserdataVersionCheck function failing to correctly filter constructed command special character...
TOTOLINK CA300-PoE CloudSrvUserdataVersionCheck Function Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK CA300-PoE version V6.2c.884B20180522, which stems from the CloudSrvUserdataVersionCheck function url parameter failing to correctly filter constructed command...
PCMan FTP Server VERBOSE Command Handler Buffer Overflow Vulnerability
PCMan FTP Server is an open-source FTP server from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the VERBOSE command handler failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial ...
NETGEAR RAX5 vif_enable function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that originates from the iface parameter in the vif_enable function failing to correctly filter special characters, commands, and so on used to construct commands. An attacker can exploit this...
NETGEAR RAX5 vif_disable function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the iface parameter in the vif_disable function failing to correctly filter special characters, commands, and so on used to construct commands. An attacker can exploit this...
NETGEAR RAX5 apcli_do_enr_pbc_wps function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the ifname parameter in the apcli_do_enr_pbc_wps function failing to correctly filter special characters, commands, and so on used to construct commands. An attacker can...
NETGEAR RAX5 apcli_cancel_wps function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the ifname parameter in the apcli_cancel_wps function failing to correctly filter special characters, commands, and so on used to construct commands. An attacker can explo...
Google Chrome Code Execution Vulnerability (CNVD-2025-10928)
Google Chrome is a web browser from Google, an American company. Google Chrome has a code execution vulnerability that can be exploited by attackers to cause heap corruption...
D-Link DIR-600L formEasySetupWizard function buffer overflow vulnerability
The D-Link DIR-600L is a wireless router from China-based AUO D-Link. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the host parameter of the formEasySetupWizard function failing to correctly validate the length and size of the input data, which can be...
D-Link DIR-600L formEasySetupWizard3 Function Buffer Overflow Vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the host parameter of the formEasySetupWizard3 function failing ...
Samsung Members Path Traversal Vulnerability
Samsung Members is a community platform app from South Korea's Samsung. Samsung Members suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker can exploit this vulnerability to cause arbitrar...
Samsung libsavscmn Out-of-Bounds Write Vulnerability
Samsung libsavscmn is a cell phone application from the South Korean company Samsung. An out-of-bounds write vulnerability exists in Samsung libsavscmn, which can be exploited by an attacker to execute arbitrary code...
Samsung libsavscmn Memory Corruption Vulnerability
Samsung libsavscmn is a cell phone application from the South Korean company Samsung. A memory corruption vulnerability exists in Samsung libsavscmn, which can be exploited by attackers to cause memory corruption...
Google ChromeOS Out-of-Bounds Read Vulnerability
Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a virtual machine escape...
Cisco Catalyst SD-WAN Manager Elevation of Privilege Vulnerability
Cisco Catalyst SD-WAN Manager is an API interface from Cisco for managing and configuring SD-WAN (software-defined WAN) devices. An elevation of privilege vulnerability exists in Cisco Catalyst SD-WAN Manager, which can be exploited by an attacker to cause an elevation of privilege...
TOTOLINK CPE CP900 setUploadUserData Function Command Injection Vulnerability
TOTOLINK CPE CP900 is an outdoor wireless CPE device from China's Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setUploadUserData function failing to properly filter special characters, commands, etc. used to construct commands. No detail...
TOTOLINK CPE CP900 setApRebootScheCfg Function Command Injection Vulnerability
TOTOLINK CPE CP900 is an outdoor wireless CPE device from China's Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the setApRebootScheCfg function failing to correctly filter special characters, commands, etc. used to construct commands. No...
TOTOLINK CA600-PoE setWebWlanIdx Function Command Injection Vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setWebWlanIdx function failing to properly filter special characters, commands, etc. used to construct commands. No detailed...
TOTOLINK CA600-PoE NTPSyncWithHost Function Command Injection Vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the NTPSyncWithHost function failing to properly filter special characters, commands, etc. used to construct commands. No detailed...
TOTOLINK A950RG Command Execution Vulnerability
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a command execution vulnerability that stems from improper handling of the deviceMac parameter in the setDeviceName interface in the /lib/cstemodules/global.so...
TOTOLINK A720R Improper Authentication Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A720R suffers from an improper authentication vulnerability that stems from improper handling of the topicurl parameter in the file /cgi-bin/cstecgi.cgi. No details of the vulnerability are provided at this...
GNU PSPP Denial of Service Vulnerability
GNU PSPP is an application for data sampling, statistics and analysis. A denial of service vulnerability exists in GNU PSPP, which can be exploited by an attacker to cause assertion failures and application exits...
Dell Storage Manager Path Traversal Vulnerability
Dell Storage Manager is a centralized storage management platform from Dell that supports the configuration, monitoring and automated operation and maintenance of the full range of Dell EMC storage systems. A path traversal vulnerability exists in Dell Storage Manager, which stems from an...
Dell Storage Manager Cross-Site Scripting Vulnerability
Dell Storage Manager is a centralized storage management platform from Dell that supports the configuration, monitoring and automated operation and maintenance of the full range of Dell EMC storage systems. A cross-site scripting vulnerability exists in Dell Storage Manager that originates from...
TOTOLINK A720R Information Disclosure Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A720R suffers from an information disclosure vulnerability that originates from improper handling of the parameter topicurl in the file /cgi-bin/cstecgi.cgi, which can be exploited by an attacker to cause...
Tenda W20E formSetDebugCfg function module parameter command injection vulnerability
The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20E suffers from a command injection vulnerability that stems from the module parameter of the formSetDebugCfg function failing to properly filter special characters, commands, etc. used to construct commands. The vulnerability is caus...
Tenda RX2 Pro Access Control Error Vulnerability
Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. An access control error vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which stems from a lack of access control in the ate management binary, and can be exploited by an attacker to cause unauthorized...
Tenda RX2 Pro Information Disclosure Vulnerability
Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from China's Tenda. An information disclosure vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to potentially cause decryption of encrypted messages...
D-Link DIR-600L wake_on_lan Function Command Injection Vulnerability
The D-Link DIR-600L is a wireless router from China's AUO D-Link. The D-Link DIR-600L suffers from a command injection vulnerability that stems from the host parameter of the wake_on_lan function failing to correctly filter special characters, commands, etc. used to construct commands. The vulnerability can be...
D-Link DIR-600L formSysCmd Function Command Injection Vulnerability
The D-Link DIR-600L is an entry-level wireless router from China-based AUO D-Link that supports 150Mbps wireless transmission and four 100Gbps wired ports. The D-Link DIR-600L suffers from a command injection vulnerability that stems from the host parameter of the formSysCmd function failing to properly...
NETGEAR EX6200 sub_503FC function buffer overflow vulnerability
NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the host parameter of the sub_503FC function failing to properly validate the length of the input data, which can be exploited by an attacker to execute...
TOTOLINK CA300-PoE Command Injection Vulnerability (CNVD-2025-10606)
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. TOTOLINK CA300-PoE suffers from a command injection vulnerability that stems from the Url parameter of the msg_process function failing to correctly filter special characters, commands, etc. used to construct commands, which...
PCMan FTP Server TYPE Command Handler Buffer Overflow Vulnerability
PCMan FTP Server is an open-source FTP server from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the TYPE command handler failing to properly validate the length of input data, which can be exploited by an attacker to cause a denial of service...
TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function version parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the version parameter of the CloudSrvUserdataVersionCheck function failing to correctly filter the constructor command special...
NETGEAR WG302v2 Command Injection Vulnerability
The NETGEAR WG302v2 is a wireless access point from NETGEAR. The NETGEAR WG302v2 suffers from a command injection vulnerability that stems from the host parameter of the uigetinputvalue function failing to properly filter special characters, commands, and so on used to construct commands. No details of the...
TOTOLINK CA600-PoE msg_process function Port parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China's Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the Port parameter of the msg_process function failing to correctly filter special characters, commands, etc. used to construct commands. N...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10046)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which can be exploited by an attacker to cause an IO...
NETGEAR RAX5 apcli_wps_gen_pincode function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability that stems from the ifname parameter in the apcli_wps_gen_pincode function failing to correctly filter special characters, commands, and so on used to construct commands. An attacker can...
D-Link DIR-600L formSetWAN_Wizard534 Function Buffer Overflow Vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the host parameter of the formSetWAN_Wizard534 function...
NETGEAR EX6200 sub_3D0BC Function Buffer Overflow Vulnerability
NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the host parameter of the sub_3D0BC function failing to properly validate the length of the input data, which can be exploited by an attacker to execute...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10047)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which can be exploited by attackers to cause memory...
TOTOLINK CP900 setUpgradeUboot Function Command Injection Vulnerability
The TOTOLINK CP900 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900 suffers from a command injection vulnerability that stems from the setUpgradeUboot function failing to properly filter special characters, commands, etc. used to construct commands. No detailed vulnerabilit...
Cyber Cafe Management System adminprofile.php File SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied SQL statements in the mobilenumber parameter of the file /adminprofile.php. An attacker can...
NETGEAR EX6200 sub_3C8EC Function Buffer Overflow Vulnerability
NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the host parameter of the sub_3C8EC function failing to properly validate the length of the input data, which can be exploited by an attacker to execute...
Online Birth Certificate System /search.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied SQL statements in the searchdata parameter of the file /admin/search.php. An...
Delta Electronics ISPSoft Out-of-Bounds Write Vulnerability
Delta Electronics ISPSoft is PLC (Programmable Logic Controller) programming software from Delta Electronics, China. An out-of-bounds write vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing an ISP file...