TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function svn parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the CloudSrvUserdataVersionCheck function svn parameter failing to correctly filter constructed command special character...
Tenda W20E formSetDebugCfg function enable parameter command injection vulnerability
The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20E suffers from a command injection vulnerability that stems from the formSetDebugCfg function enable parameter failing to properly filter special characters, commands, and so on when constructing commands. No detailed vulnerability...
D-Link DIR-890L/DIR-806A1 Command Injection Vulnerability
D-Link DIR-890L and D-Link DIR-806A1 are both products of China's AUO D-Link. D-Link DIR-890L is a wireless router. D-Link DIR-806A1 is a dual-band wireless router that supports the AC750 wireless rate and a USB sharing function. The D-Link DIR-890L and D-Link DIR-806A1 suffer from a command injection...
NETGEAR JWNR2000v2 cmd_wireless function command injection vulnerability
The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a command injection vulnerability that stems from the cmd_wireless function parameter host failing to properly filter special characters, commands, and so on when constructing commands. No details of the...
Tenda W20E formSetDebugCfg function level parameter command injection vulnerability
The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20E suffers from a command injection vulnerability that stems from the formSetDebugCfg function level parameter failing to properly filter special characters, commands, and so on when constructing commands. No details of the vulnerabilit...
Unspecified Vulnerability in SAMSUNG Notes
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes has a security vulnerability that can be exploited by attackers to obtain sensitive information...
Nero Social Networking Site index.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that originates from the incorrect manipulation of multiple parameters in the file /index.php, which can be exploited by an attacker to execute illegal SQL commands to...
Company Visitor Management System /department.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter departmentname in the file /department.php. An attacke...
Patient Record Management System edit_xpatient.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter lastname in the file /edit_xpatient.php. An attacker...
Student Record System add-course.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter course-short in the file /add-course.php. An attacker can exploit this vulnerability to...
Student Record System add-subject.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in parameter sub1 in file /add-subject.php. An attacker can exploit this vulnerability to execute...
NETGEAR EX6120 fwAcosCgiInbound Function Buffer Overflow Vulnerability
The NETGEAR EX6120 is a wireless extender from NETGEAR. The NETGEAR EX6120 suffers from a buffer overflow vulnerability that originates from the fwAcosCgiInbound function parameter host failing to correctly validate the length and size of the input data, which can be exploited by an attacker to...
NETGEAR JWNR2000v2 check_language_file function buffer overflow vulnerability
The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a buffer overflow vulnerability that originates from the check_language_file function parameter host failing to properly validate the length of input data, which can be exploited by an attacker to execute...
Tenda RX2 Pro Security Bypass Vulnerability (CNVD-2025-13838)
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to cause telnet access to be enabled...
TOTOLINK CA600-PoE CloudSrvUserdataVersionCheck function magicid parameter command injection vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the failure of the magicid parameter of the CloudSrvUserdataVersionCheck function to correctly filter constructed command...
NETGEAR JWNR2000v2 sub_4238E8 function buffer overflow vulnerability
The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a buffer overflow vulnerability that originates from the sub_4238E8 function's parameter host failing to correctly validate the length of the input data, which can be exploited by an attacker to execute...
D-Link DIR-600L formLogin Function Buffer Overflow Vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the parameter host of the function formLogin that fails...
WeGIA SQL Injection Vulnerability (CNVD-2025-22278)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to cause a data leak or complete database corruption...
Pre-School Enrollment System /admin/visitor-details.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Status in file /admin/visitor-details.php. An...
Pre-School Enrollment System /admin/edit-teacher.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter mobilenumber in the file /admin/edit-teacher.php. ...
Pre-School Enrollment System /admin/edit-subadmin.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber in file /admin/edit-subadmin.php. An...
Curfew e-Pass Management System /admin/edit-pass-detail.php File SQL Injection Vulnerability
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-pass-detail.php. A...
Art Gallery Management System /admin/add-art-type.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter arttype in the file /admin/add-art-type.php against an externally entered SQL statement. An...
Art Gallery Management System /admin/add-art-medium.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter artmed in the file /admin/add-art-medium.php. An attacker c...
NETGEAR EX6200 sub_41940 Function Buffer Overflow Vulnerability
NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the sub_41940 function parameter host failing to properly validate the length of input data, which can be exploited by an attacker to execute...
NETGEAR JWNR2000v2 default_version_is_new function buffer overflow vulnerability
The NETGEAR JWNR2000v2 is a wireless router from NETGEAR. The NETGEAR JWNR2000v2 suffers from a buffer overflow vulnerability that originates from the default_version_is_new function parameter host failing to correctly validate the length of the input data, which can be exploited by an attacker to...
Tenda RX2 Pro Security Bypass Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to cause decryption, replay, or spoofing of traffic...
PCMan FTP Server 'GLOB' Buffer Overflow Vulnerability
PCMan FTP Server is open source FTP server software from PCMan. A buffer overflow vulnerability exists in PCMan FTP Server 'GLOB', which originates from the GLOB command handler failing to properly validate the length and size of input data, and can be exploited by an attacker to execute...
Tenda RX2 Pro Weak Credentials Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...
Google Chrome Code Execution Vulnerability (CNVD-2025-10054)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome prior to version 136.0.7103.59, which stems from an out-of-bounds memory access in DevTools, and can be exploited by an attacker to cause heap corruption...
TOTOLINK CA300-PoE Command Injection Vulnerability (CNVD-2025-10607)
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. TOTOLINK CA300-PoE has a command injection vulnerability that stems from the fwUrl parameter of the recvUpgradeNewFw function failing to correctly filter command-construction special characters,...
Tenda AC9 formSetSambaConf Function Command Injection Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 suffers from a command injection vulnerability that arises from the formSetSambaConf function usbname parameter failing to correctly filter special characters, commands, etc. when constructing commands. The vulnerability can be...
IBM Concert Software Encryption Issues Vulnerabilities
IBM Concert Software is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert Software suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which could be...
Siemens VersiCharge AC Series EV Charger M0 Firmware Arbitrary Code Execution Vulnerability
The VersiCharge AC Series Electric Vehicle Charger is an electric vehicle charging device from Siemens for a variety of application scenarios, including workplaces, retail, parking lots, multi-unit housing, public charging and home charging. An arbitrary code execution vulnerability exists in the...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10045)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which can be exploited by an attacker to cause an IO...
NETGEAR EX6120 sub_30394 function buffer overflow vulnerability
The NETGEAR EX6120 is a wireless extender from NETGEAR. The NETGEAR EX6120 suffers from a buffer overflow vulnerability that stems from the sub_30394 function parameter host failing to properly validate the length and size of input data, which can be exploited by an attacker to execute arbitrary...
D-Link DIR-600L formSetLog Function Buffer Overflow Vulnerability
The D-Link DIR-600L is a wireless router from China-based AUO D-Link. The D-Link DIR-600L suffers from a buffer overflow vulnerability that originates from the parameter host of the function formSetLog failing to properly validate the length and size of the input data, which can be exploited by an...
Google Chrome Buffer Overflow Vulnerability (CNVD-2025-10057)
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 136.0.7103.59, which stems from an application boundary error when handling untrusted input, and can be exploited by an attacker to cause heap corruption...
Tenda RX2 Pro Information Disclosure Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that can be exploited by an attacker to collect credentials for authentication...
IBM Maximo Application Suite Elevation of Privilege Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. An elevation of privilege vulnerability exists in IBM Maximo Application Suite, which stems from...
Cisco IOS XE Wireless Controller Software Access Control Error Vulnerability
Cisco IOS XE Wireless Controller software is a wireless LAN controller from Cisco. The Cisco IOS XE Wireless Controller Software suffers from an Access Control Error vulnerability that stems from insufficient access control and can be exploited by an attacker to cause the deletion of arbitrary us...
TOTOLINK A720R Access Control Error Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A720R suffers from an Access Control Error vulnerability that originates from improper handling of the parameter topicurl in the file /cgi-bin/cstecgi.cgi, which can be exploited by an attacker to cause...
Cisco IOS Access Control Error Vulnerability (CNVD-2025-15478)
Cisco IOS is an operating system developed by the US company Cisco for its network equipment. Cisco IOS suffers from an Access Control Error vulnerability that stems from a misconfiguration of access control lists, which can be exploited by an attacker to cause bypassing of AC...
Schneider Electric Trio Q Licensed Data Radio Information Disclosure Vulnerability
The Schneider Electric Trio Q Licensed Data Radio is a radio from Schneider Electric France. The Schneider Electric Trio Q Licensed Data Radio suffers from an information disclosure vulnerability that stems from an insecure initialization of resources, which can be exploited by an attacker to...
TOTOLINK CPE CP900 CloudSrvUserdataVersionCheck Function Command Injection Vulnerability
TOTOLINK CPE CP900 is an outdoor wireless CPE device from China Gion Electronics TOTOLINK. The TOTOLINK CPE CP900 suffers from a command injection vulnerability that stems from the CloudSrvUserdataVersionCheck function failing to correctly filter construct command special characters, commands, et...
NETGEAR EX6200 sub_54014 Function Buffer Overflow Vulnerability
NETGEAR EX6200 is a wireless network signal extender from NETGEAR. The NETGEAR EX6200 suffers from a buffer overflow vulnerability that originates from the sub_54014 function parameter host failing to properly validate the length of the input data, which can be exploited by an attacker to execute...
ERPNext Cross-Site Request Forgery Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a cross-site request forgery vulnerability that can be exploited by attackers to cause unauthorized operations...
Tenda W20E formSetNetCheckTools function command injection vulnerability
The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20E suffers from a command injection vulnerability that stems from the formSetNetCheckTools function hostName parameter failing to correctly filter special characters, commands, and so on when constructing commands. No detailed...
Tenda RX2 Pro Information Disclosure Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that originates from the explicit transmission of sensitive information in the web management portal, which can be exploited by an attacker to decry...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-13268)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks when visiting specially crafted websites...