Cisco Catalyst SD-WAN Manager Trust Management Issue Vulnerability
Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) is a highly customizable dashboard from Cisco, Inc. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. A trust management issue vulnerability exists in Cisco Catalyst SD-WAN Manager, which stems...
D-Link DIR-600L formSetWanL2TP function buffer overflow vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the formSetWanL2TP function parameter host failing to proper...
Tenda RX2 Pro Security Bypass Vulnerability (CNVD-2025-13837)
Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to gain access to the router and other network resources...
Google Chrome Security Bypass Vulnerability (CNVD-2025-10055)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 136.0.7103.59, which stems from an improper implementation in DevTools, and can be exploited by an attacker to cause an access control bypass...
TOTOLINK CA600-PoE setUpgradeFW Function Command Injection Vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the setUpgradeFW function failing to properly filter special characters, commands, etc. when constructing commands. No detailed...
D-Link DIR-816 A2 Command Injection Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a command injection vulnerability that stems from iptablesWebsFilterRun failing to properly filter special characters, commands, etc. when constructing commands. No detailed vulnerability details are...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10050)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which can be exploited by an attacker to cause an IO...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10049)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and earlier, which stems from a null pointer dereference, and can be exploit...
WordPress Seznam Webmaster plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Seznam Webmaster plugin, which stems from the web application not adequately verifying that a request is comin...
D-Link DIR-880L /htdocs/ssdpcgi File Command Injection Vulnerability
The D-Link DIR-880L is a dual-band Gigabit wireless router from China's AUO D-Link. The D-Link DIR-880L suffers from a command injection vulnerability, which arises from the failure of the file /htdocs/ssdpcgi in the component Request Header Handler to correctly filter the constructed command...
PCMan FTP Server MGET Command Handler Buffer Overflow Vulnerability
PCMan FTP Server is an open source FTP server software package from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the MGET command handler failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of...
Tenda DAP-1520 mod_graph_auth_uri_handler function buffer overflow vulnerability
Tenda DAP-1520 is a dual-band wireless access point from Tenda China. The Tenda DAP-1520 suffers from a buffer overflow vulnerability that originates from the failure of the mod_graph_auth_uri_handler function in the file /storage to properly validate the length of the input data, which could be exploited...
TOTOLINK CA300-PoE Command Injection Vulnerability
TOTOLINK CA300-PoE is a wireless access point from China's Gion Electronics TOTOLINK. The TOTOLINK CA300-PoE suffers from a command injection vulnerability that stems from the failure of the msgprocess function Port parameter to correctly filter constructed command special characters, commands,...
Microsoft Azure Functions Data Forgery Issue Vulnerability
Microsoft Azure Functions is a hosted Platform-as-a-Service (PaaS) provider from Microsoft Corporation, USA, that provides event-driven and scheduled compute resources for Azure cloud services. Microsoft Azure Functions has a data forgery issue vulnerability that stems from improper cryptographic...
Tenda AC9 formsetUsbUnload Function Command Injection Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 suffers from a command injection vulnerability, which arises from the deviceName parameter of the formsetUsbUnload function failing to correctly filter special characters, commands, etc. when constructing commands. The vulnerability...
Unspecified Vulnerability in RT-Labs P-Net (CNVD-2025-10053)
RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and prior versions, which can be exploited by an attacker to cause an IO...
D-Link DIR-600L formWlSiteSurvey function buffer overflow vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the formWlSiteSurvey function parameter host failing to...
Tenda DAP-1520 check_dws_cookie function buffer overflow vulnerability
Tenda DAP-1520 is a dual-band wireless access point from Tenda China. The Tenda DAP-1520 suffers from a buffer overflow vulnerability, which originates from the function check_dws_cookie in the file /storage failing to correctly validate the length and size of the input data, which can be exploited by a...
TOTOLINK CA600-PoE recvUpgradeNewFw Function Command Injection Vulnerability
TOTOLINK CA600-PoE is an outdoor wireless AP/CPE device from China Gion Electronics TOTOLINK. TOTOLINK CA600-PoE suffers from a command injection vulnerability that stems from the recvUpgradeNewFw function failing to properly filter special characters, commands, etc. when constructing commands. No detailed...
Tenda RX2 Pro setLanCfg API Endpoint Input Validation Error Vulnerability
Tenda RX2 Pro is a high-performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an input validation error vulnerability that stems from a lack of input validation in the setLanCfg API endpoint, which can be exploited by an attacker to gain root shell access...
Samsung PENUP Access Control Error Vulnerability
Samsung PENUP is a digital painting application from the South Korean company Samsung. Samsung PENUP suffers from an access control error vulnerability that stems from improper access control. No details of the vulnerability are provided at this time...
Employee Record Management System changepassword.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter currentpassword in the file changepassword.php. An...
NETGEAR RAX5 reset_wifi function command injection vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. NETGEAR RAX5 suffers from a command injection vulnerability, which stems from the devname parameter in the reset_wifi function failing to correctly filter special characters, commands, etc. when constructing commands. The vulnerability can be exploited t...
Unspecified Vulnerability in PyTorch (CNVD-2025-23289)
PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that originates from improper handling of the function torch.cuda.nccl.reduce in the file torch/cuda/nccl.py, which can be exploited by an attacker to cause a denial of service...
Oracle OpenGrok Cross-Site Scripting Vulnerability
Oracle OpenGrok is a fast and efficient source code search and cross-reference tool from Oracle, a United States company, that supports a variety of programming languages for navigation and analysis of large code bases. Oracle OpenGrok suffers from a cross-site scripting vulnerability that...
Linux kernel null pointer dereference vulnerability (CNVD-2025-10179)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from an unverified region HPA order that could lead to a null pointer dereference. An attacker cou...
Linux kernel null pointer dereference vulnerability (CNVD-2025-10178)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from a failure to check the transport_add_device return value in sas_phy_add, which could result in a...
Linux kernel null pointer dereference vulnerability (CNVD-2025-10176)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from not verifying the validity of a decoder, which could lead to a null pointer dereference. An...
Linux kernel race condition vulnerability (CNVD-2025-10175)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a race condition vulnerability that stems from nftables not releasing stream rule objects in a timely manner, which could lead to a memory leak...
Linux kernel memory leak vulnerability (CNVD-2025-10174)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from nfcmrvl_i2c_nci_send not freeing the skb, which could lead to a memory leak. No details of the vulnerability...
Siemens OZW Web Servers Code Execution and SQL Injection Vulnerability
The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...
Siemens OZW Web Server Code Execution and SQL Injection Vulnerabilities (CNVD-2025-10579)
The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...
Huawei HarmonyOS Unauthorized Access Vulnerability (CNVD-2025-11077)
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an unauthorized access vulnerability that originates from a web search command authentication module bypass. An attacker can exploit the vulnerability to authenticate and access unauthorized...
Huawei HarmonyOS Out-of-Bounds Read Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an out-of-bounds read vulnerability. No details of the vulnerability are provided at this time...
Huawei HarmonyOS Null Pointer Reference Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from a null pointer reference vulnerability. No details of the vulnerability have been provided...
Huawei HarmonyOS Improper Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an improper privilege control vulnerability that stems from improper privilege control of the Media Library module, which affects service confidentiality. No details of the vulnerability are...
Zoom Workplace Cross-Site Scripting Vulnerability
Zoom Workplace is an AI-first collaboration platform from Zoom that integrates core features such as team communication, meetings, document collaboration, and a built-in AI Companion smart assistant to boost productivity. Zoom Workplace suffers from a cross-site scripting vulnerability that can b...
Park Ticketing Management System edit-ticket.php File SQL Injection Vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from improper handling of the tprice parameter in the edit-ticket.php file. No details of the vulnerability are available at this time...
Beijing Zhibang International Software Technology Co., Ltd information leakage vulnerability in Zhibang International ERP
Beijing Zhibang International Software Technology Co., Ltd. is a company mainly engaged in the design, development, sales and service of integrated ERP classic, industry, simple, cloud application, intelligent SaaS platform and other enterprise management software. Beijing ZhiBang International Software Technology Co., Ltd ZhiBang International ERP...
COVID19 Testing Management System /login.php File SQL Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter Username in the file /login.php resulting in SQL injection. No details ...
ChurchCRM EventEditor.php Page SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a time-based blind SQL injection in the EID POST parameter of the EventEditor.php page. No detailed vulnerability details are provided at this time...
Cyber Cafe Management System add-computer.php File SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter compname/comploc in the file add-computer.php resulting in SQL injection. No details of the...
Online Birth Certificate System /admin/bwdates-reports-details.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System has a SQL injection vulnerability that originates from an incorrect manipulation of the parameter fromdate in the /admin/bwdates-reports-details.php file that results in SQL injection. No detail...
Company Visitor Management System /admin-profile.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System is vulnerable to a SQL injection vulnerability that originates from an incorrect manipulation of the parameter adminname in the file /admin-profile.php that results in SQL injection. No details of...
Company Visitor Management System /visitor-detail.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that stems from improper manipulation of the parameter editid in the file /visitor-detail.php. No details of the vulnerability are available at this time...
Teacher Subject Allocation Management System /search.php File SQL Injection Vulnerability
Teacher Subject Allocation Management System is a teacher subject allocation management system. The Teacher Subject Allocation Management System is vulnerable to a SQL injection vulnerability that results from incorrect manipulation of the searchdata parameter in the file /admin/search.php. No detai...
Human Metapneumovirus Testing Management System /add-phlebotomist.php File SQL Injection Vulnerability
Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. Human Metapneumovirus Testing Management System has a SQL injection vulnerability that originates from improper manipulation of the parameter empid in the file /add-phlebotomist.php. No details of...
Notice Board System bwdates-reports-details.php File SQL Injection Vulnerability
Notice Board System is a bulletin board system. Notice Board System has a SQL injection vulnerability that stems from improper handling of the parameters fromdate/tomdate in the file /bwdates-reports-details.php. No details of the vulnerability are available at this time...
Online Birth Certificate System between-dates-report.php File SQL Injection Vulnerability
Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System is vulnerable to a SQL injection vulnerability that stems from incorrect manipulation of the parameter fromdate in the file /admin/between-dates-report.php resulting in SQL injection. No details...
Huawei HarmonyOS Unauthorized Access Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. Huawei HarmonyOS suffers from an unauthorized access vulnerability that stems from unauthorized access to the application lock module. An attacker can exploit the vulnerability to authenticate and access unauthorized resourc...