Denial of Service Vulnerability in H3C NX54 of Xinhua San Technologies Co.
The H3C NX54 is a Gigabit dual-band router that supports the Wi-Fi 6 802.11ax protocol. A denial of service vulnerability exists in the H3C NX54 of Xinhua San Technologies Co. that can be exploited by attackers to cause a denial of service...
PCMan FTP Server Buffer Overflow Vulnerability
PCMan FTP Server is open source FTP software from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from unknown code in the RNTO command processor. No vulnerability details are available at this time...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10716)
PCMan FTP Server is free FTP server software developed by PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from unknown processing in the SMNT command processor. No detailed vulnerability details are provided at this tim...
Arbitrary File Read Vulnerability in iKuai of AllConvergence Network Technology (Beijing) Co.
Quanxun Convergence Network Technology Beijing Co., Ltd. was founded in 2013. iKuai (literally "love fast") is the company's product brand, and iKuic is the company's overseas product brand. iKuai of All Answers Convergence Network Technology Beijing Co. has an arbitrary file read vulnerability that can be exploited...
SQL Injection Vulnerability in E-Call Intercom System of Beijing Divine Viewpoint Technology Co.
Beijing Divine Viewpoint Technology Co., Ltd. is a professional provider of network audio-video and informatization solutions in the fields of intelligent hospital, intelligent education and information dissemination. There is a SQL injection vulnerability in the E-call intercom system of Beijing Divine Viewpoint Technology Co., Ltd,...
Tenda AC9 Command Injection Vulnerability
Tenda AC9 is a router firmware. Tenda AC9 suffers from a command injection vulnerability that stems from improper handling of the Telnet function, which could lead to the execution of arbitrary commands. No vulnerability details are available at this time...
Arbitrary File Download Vulnerability in Cloud Desktop of Xinhua San Technologies Co.
Xinhua San Technology Co., Ltd. is an industry leader in digital solutions. An arbitrary file download vulnerability exists in the cloud desktop of Xinhua San Technologies Limited, which can be exploited by attackers to download arbitrary files and obtain sensitive information...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10715)
PCMan FTP Server is open source FTP server software from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates in the RNFR command processor. No vulnerability details are available at this time...
Google ChromeOS Use-After-Free Vulnerability
Google ChromeOS is an operating system based on the Linux kernel. Google ChromeOS suffers from a use-after-free vulnerability that stems from a race condition in the virtiotransportspaceupdate function, which can be exploited by an attacker to cau...
Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2025-09667)
The Tenda AC1206 is a wireless Gigabit router from Tenda China. The Tenda AC1206 suffers from a buffer overflow vulnerability that affects the formSetCfm function in the /goform/setcfm file. An attacker can exploit this vulnerability to execute arbitrary code...
NETGEAR RAX50 Command Injection Vulnerability
The NETGEAR RAX5 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR RAX50. The vulnerability stems from improper handling of the ifname parameter in the apclidoenrpinwps function, which can be exploited by an attacker to launch an attack and cause the syste...
Apache Traffic Server (ATS) Environment Issue Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Software Foundation (United States). Apache Traffic Server (ATS) suffers from an environmental issue vulnerability that stems from malformed chunked messages that could lead to request smuggling. An attacker...
Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2025-09668)
The Tenda AC1206 is a wireless Gigabit router from Tenda China. The Tenda AC1206 suffers from a buffer overflow vulnerability that originates from the setSchedWifi function in the /goform/openSchedWifi file. An attacker can exploit this vulnerability to launch an attack and cause a buffer overflo...
TOTOLINK A810R Trust Management Issue Vulnerability
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A trust management issue vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the presence of hardcoded passwords in product.ini. An attacker can exploit the vulnerability to...
TOTOLINK A810R setParentalRules function buffer overflow vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from the startTime and endTime parameters in the setParentalRules function failing to correctly validate t...
TOTOLINK A810R Buffer Overflow Vulnerability (CNVD-2025-09863)
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a buffer overflow vulnerability, which stems from the v25 parameter in downloadFile.cgi failing to properly validate the length and size of the input data, which can be exploited ...
TOTOLINK A810R Buffer Overflow Vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a buffer overflow vulnerability, which stems from the failure of the v14 and v3 parameters in downloadFile.cgi to properly validate the length and size of the input data, whic...
TOTOLINK A810R cstecgi.cgi Component Buffer Overflow Vulnerability
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A810R version V4.1.2cu.5182B20201026, which stems from cstecgi.cgi failing to correctly validate the length and size of the input data, and can be exploited by ...
TOTOLINK A800R Command Injection Vulnerability (CNVD-2025-09933)
TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A800R suffers from a command injection vulnerability that stems from the QUERYSTRING parameter in downloadFile.cgi failing to correctly filter constructed command special characters, commands, and so on. No...
TOTOLINK A800R downloadFile.cgi Component Buffer Overflow Vulnerability
TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A800R version V4.1.2cu.5137B20200730, which stems from a security issue in the downloadFile.cgi component, and can be exploited by remote attackers to execute arbitrary...
Tenda AC9 /goform/WifiWpsStart Interface Buffer Overflow Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that originates from /goform/WifiWpsStart failing to properly validate the length and size of input data, which can be exploited by an attacker to execute arbitrary code on the...
Tenda AC9 /goform/SetSysAutoRebbotCfg Interface Buffer Overflow Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that originates from the rebootTime parameter of /goform/SetSysAutoRebbotCfg that fails to properly validate the length of the input data, which can be exploited by an attacker...
Moodle Information Disclosure Vulnerability (CNVD-2025-10585)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive student...
Moodle Information Disclosure Vulnerability (CNVD-2025-10584)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from a security issue that can be exploited by an...
NVIDIA TensorRT-LLM python executor code issue vulnerability
NVIDIA TensorRT-LLM is a high-performance inference acceleration library from NVIDIA for defining, optimizing, and executing inference in production environments for large language models (LLMs). A code issue vulnerability exists in NVIDIA TensorRT-LLM that stems from insufficient data validation a...
SonicWall SMA1000 Cross-Site Request Forgery Vulnerability
The SonicWALL SMA1000 is a series of secure mobile access solutions from SonicWALL USA. The SonicWALL SMA1000 suffers from a cross-site request forgery vulnerability that originates from a server-side request forgery on the interface under certain conditions, which can be exploited by an attacker...
SAP Learning Solution Cross-Site Request Forgery Vulnerability
SAP Learning Solution is an enterprise-wide learning management system from SAP. SAP Learning Solution suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could explo...
Unauthorized Access Vulnerability in NetDrive Unified Communications Platform of Beijing NetDrive Network Technology Co.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. An unauthorized access vulnerability exists in the NetDrive Unified Communications Platform of...
SQL Injection Vulnerability in NetDrive Unified Communication Platform of Beijing NetDrive Network Technology Co.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing...
Unauthorized Access Vulnerability in NetDrive Unified Communications Platform of Beijing NetDrive Network Technology Co.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. An unauthorized access vulnerability exists in NetDrive Unified Communications Platform of...
SQL Injection Vulnerability in NetDynamic Unified Communication Platform of Beijing NetDynamic Network Technology Co., Ltd.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing...
Tenda AC9 /goform/WifiBasicSet Interface Buffer Overflow Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC9 version V15.03.05.14multi, which originates from the /goform/WifiBasicSet security parameter that fails to properly validate the length of the input data, and can be exploited by a...
IBM WebSphere Application Server Server-Side Request Forgery Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A server-side request forgery vulnerability exists in IB...
IBM InfoSphere Information Server Plaintext Transfer Vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. A plaintext transfer vulnerability exists in IBM InfoSphere Information Server version 11.7, whi...
IBM InfoSphere Information Server Access Control Error Vulnerability
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. An access control error vulnerability exists in IBM InfoSphere Information Server version 11.7,...
IBM Operational Decision Manager Cross-Site Scripting Vulnerability
IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM), used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...
Online Class and Exam Scheduling System class_sched.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. A cross-site scripting vulnerability exists in Online Class and Exam Scheduling System, which stems from a lack of validation of the class parameter in the file /Scheduling/pages/classsched.php against an...
Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability (CNVD-2025-12375)
Delta Electronics ISPSoft is programmable logic controller (PLC) programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code using debugging logic when parsing CBDGL files...
Delta Electronics ISPSoft Stack Buffer Overflow Vulnerability
Delta Electronics ISPSoft is programmable logic controller (PLC) programming software from Delta Electronics. A stack buffer overflow vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing a DVP file...
PCMan FTP Server Buffer Overflow Vulnerability (CNVD-2025-10689)
PCMan FTP Server is an open source content management system from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the component RENAME Command Handler failing to properly validate the length and size of input data, which can be exploited by an attacker to cause ...
Student Record System change-password.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter currentpassword in the file /change-password.php. An attacker can exploit this...
Apache Tomcat Input Validation Error Vulnerability (CNVD-2025-10031)
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States), used to implement Servlet and JavaServer Pages (JSP) support. An input validation error vulnerability exists in Apache Tomcat that stems from improperly neutralizing escape, meta, or control...
Newforma Project Center Server Remote Code Execution Vulnerability
Newforma Project Center Server is a project information management solution from Newforma for the Architecture, Engineering and Construction (AEC) industry, used for centralized storage and management of project documents and collaboration. A remote code execution vulnerability exists in Newforma Project...
Online Nurse Hiring System edit-nurse.php File SQL Injection Vulnerability
Online Nurse Hiring System is an online nurse hiring system. Online Nurse Hiring System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the file /admin/edit-nurse.php. An attacker can exploit this vulnerability to execut...
Online Nurse Hiring System view-request.php File SQL Injection Vulnerability
Online Nurse Hiring System is an online nurse hiring system. Online Nurse Hiring System suffers from a SQL injection vulnerability that originates from the lack of validation of the viewid parameter in the file /admin/view-request.php against an externally-entered SQL statement. An attacker can u...
Prison Management System Stack Buffer Overflow Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a stack buffer overflow vulnerability that originates from the parameter filename of the addrecord function in the PrisonMgmtSys component that fails to properly validate the length of the input data,...
Online Class and Exam Scheduling System profile_update.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that originates from a lack of validation of the parameter username in the file /Scheduling/pages/profileupdate.php against...
COVID19 Testing Management System test-details.php File SQL Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. The COVID19 Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Status in the /test-details.php...
Notice Board System category.php file SQL injection vulnerability
Notice Board System is a bulletin board system. A SQL injection vulnerability exists in the Notice Board System, which originates from the lack of validation of externally entered SQL statements in the /category.php file with the parameter catname. An attacker can exploit this vulnerability to...
Open5GS Input Validation Error Vulnerability
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of LTE/NR networks. An input validation error vulnerability exists in Open5GS v2.7.2 and earlier versions, which stems from a PFCP session parameter validation failure, and can be exploited b...