Hostel Management System change-password.php File Session Hijacking Vulnerability
Hostel Management System is a hostel management system. It has a session hijacking vulnerability that stems from improper handling of session data in the file /hostel/change-password.php; no details of the vulnerability are available at this time...
TOTOLINK A800R v25 Parameter Buffer Overflow Vulnerability
TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A800R version V4.1.2cu.5137B20200730, which stems from the v25 parameter in downloadFile.cgi failing to correctly validate the length and size of the input data, and can be...
NVIDIA NvContainer Trust Management Issue Vulnerability
NVIDIA NvContainer is a container management service from NVIDIA. NVIDIA NvContainer suffers from a trust management issue vulnerability that stems from a hard-coded path issue in the use of OpenSSL, which could be exploited by an attacker to cause code execution, denial of service, elevation of...
Mattermost Input Validation Error Vulnerability (CNVD-2025-09243)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an input validation error vulnerability that stems from insufficient props validation, which can be exploited by an attacker to cause a denial of service attack...
Delta Electronics ISPSoft Out-of-Bounds Write Vulnerability (CNVD-2025-12372)
Delta Electronics ISPSoft is programmable logic controller (PLC) programming software from Delta Electronics. An out-of-bounds write vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing an ISP file...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2025-09278)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...
Rail Pass Management System changeimage.php File SQL Injection Vulnerability
Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid in the file /admin/changeimage.php. An attacker can...
Moodle Cross-Site Scripting Vulnerability (CNVD-2025-09235)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from insufficient return URL cleanup in the policy tool,...
Moodle Authorization Issues Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from an insufficient capability check, which can be...
Moodle Information Disclosure Vulnerability (CNVD-2025-09237)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the edit and delete pages of the moddata module...
Moodle Code Injection Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a code injection vulnerability that originates from a security issue in the Moodle LMS EQUELLA repository...
Unspecified Vulnerability in Moodle
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from a lack of a checking mechanism that can be exploited by an attacker to delete sections o...
Unspecified Vulnerability in Moodle
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a security vulnerability that stems from the need for additional checks to ensure that users only have access to authorized grou...
Unspecified Vulnerability in Moodle
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from an insufficient message service capability check, and can be exploited by an attacker to...
Moodle Code Injection Vulnerability (CNVD-2025-10583)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a code injection vulnerability that stems from a security issue in the Moodle LMS Dropbox repository that...
NVIDIA GPU Display Driver for Linux Privilege Elevation Vulnerability
NVIDIA GPU Display Driver for Linux is a GPU display driver. An elevation of privilege vulnerability exists in NVIDIA GPU Display Driver for Linux, which can be exploited by an attacker to submit a special request, execute arbitrary code, elevate privileges, and more...
TOTOLINK A950RG/A810R Command Execution Vulnerability
TOTOLINK A950RG and TOTOLINK A810R are both products of China's Gion Electronics TOTOLINK. TOTOLINK A950RG is a super-generation Giga wireless router. TOTOLINK A810R is a wireless dual-band router. A command execution vulnerability exists in the TOTOLINK A950RG and TOTOLINK A810R, which stems from...
Moodle Information Disclosure Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that anonymous assignment submissions can...
TOTOLINK A800R v14 Parameter Buffer Overflow Vulnerability
The TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A800R version V4.1.2cu.5137B20200730, which stems from the v14 parameter in downloadFile.cgi failing to properly validate the length and size of the input data, and c...
IBM Maximo Asset Management Server-Side Request Forgery Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
Delta Electronics ISPSoft Out-of-Bounds Write Vulnerability (CNVD-2025-12373)
Delta Electronics ISPSoft is programmable logic controller (PLC) programming software from Delta Electronics. An out-of-bounds write vulnerability exists in Delta Electronics ISPSoft, which can be exploited by an attacker to execute arbitrary code while parsing a DVP file...
Moodle Information Disclosure Vulnerability
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from an insufficient capability check, which can be exploited by an attacker ...
Apache HttpClient Logic Error Vulnerability
Apache HttpClient is a client program written in Java for accessing HTTP resources, from the Apache Foundation in the United States. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...
TOTOLINK A830R Command Injection Vulnerability (CNVD-2025-09866)
The TOTOLINK A830R is a wireless dual-band router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK A830R version V4.1.2cu.5182B20201102, which stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed...
Mattermost Denial of Service Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from not validating the uniqueness and number of task actions, which can be exploited by an attacker to cause a denial of service...
Curfew e-Pass Management System pass-bwdates-report.php file SQL injection vulnerability
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in the parameter fromdate/todate in the file...
Online Class and Exam Scheduling System class_save.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that stems from the lack of validation of the class parameter in the file /Scheduling/pages/classsave.php against an...
Mattermost Authorization Issues Vulnerability (CNVD-2025-09242)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an authorization issue vulnerability that stems from insufficient permissions validation, which can be exploited by an attacker to cause deletion of posts...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2025-09236)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from the lack of an anti-cross-site request forgery...
COVID19 Testing Management System password-recovery.php File SQL Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contactno in the file...
Tenda W12/i24 Buffer Overflow Vulnerability
The Tenda W12 and i24 are wireless routers made by Tenda. A buffer overflow vulnerability exists in the Tenda W12 and i24. The vulnerability stems from the json parameter in /goform/modules failing to properly validate the length and size of the input data, which can be exploited by an attacker ...
TOTOLINK N150RT LAN Settings Page Component Cross-Site Scripting Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...
COVID19 Testing Management System /patient-report.php File SQL Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. The COVID19 Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file...
Nipah virus Testing Management System patient-search-report.php file SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file...
Nipah virus Testing Management System profile.php file SQL Injection Vulnerability
Nipah Virus Testing Management System is an online virus diagnostic platform. Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminname/mobilenumber in file...
Art Gallery Management System manage-art-medium.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter artmed in the file /admin/manage-art-medium.php. An attacke...
Art Gallery Management System aboutus.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pagetitle in the file /admin/aboutus.php. An attacker can...
COVID19 Testing Management System profile.php File SQL Injection Vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber in file /profile.ph...
TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...
TOTOLINK N150RT home.htm cross-site scripting vulnerability
The TOTOLINK N150RT is a high power wireless router device. TOTOLINK N150RT suffers from a cross-site scripting vulnerability that originates from the parameter Comment in the file /home.htm; no details of the vulnerability are provided at this time...
Information Disclosure Vulnerability in Logger1000 of Sunny Power Co.
Logger1000 is a data acquisition, power control and protocol conversion device for inverters and other photovoltaic equipment in photovoltaic power plants. An information leakage vulnerability exists in Logger1000 of Sunny Power Co., which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to gain access to sensitive database information...
Command Execution Vulnerability in MaxKB at Hangzhou Feizhiyun Information Technology Co.
MaxKB is an open source knowledge base Q&A system based on large language models and RAG, from Hangzhou Feizhiyun Information Technology Co. MaxKB has a command execution vulnerability that can be exploited by attackers to execute commands...
File Upload Vulnerability in Multi-service Intelligent Gateway of Resconda Technology Development Co.
Focusing on the field of fiber optic broadband access, Riseconda Technology Development Co., Ltd. is committed to the convergence of fiber optic technology, Ethernet technology and broadband access technology. A file upload vulnerability exists in the Multi-service Intelligent Gateway of Risconda...
Dell PowerProtect Data Manager Reporting Improperly Escaped Vulnerability
Dell PowerProtect Data Manager Reporting is data protection management software. Dell PowerProtect Data Manager Reporting suffers from an improper escape vulnerability that stems from the program's failure to properly process output; no details of the vulnerability are available at this time...
Dell PowerProtect Data Manager Reporting Elevation of Privilege Vulnerability
Dell PowerProtect Data Manager Reporting is data protection management software. An elevation of privilege vulnerability exists in Dell PowerProtect Data Manager Reporting, which can be exploited by an attacker to gain elevated privileges because the program fails to properly restrict API...
IBM Sterling Connect:Direct Web Services Code Issue Vulnerability
IBM Sterling Connect:Direct Web Services is a file-based, peer-to-peer file transfer solution from International Business Machines (IBM). A code issue vulnerability exists in IBM Sterling Connect:Direct Web Services that stems from a browser closing without disabling the session; no details of the...
Apache ActiveMQ NMS OpenWire Client Deserialization Vulnerability
Apache ActiveMQ NMS OpenWire Client is from the Apache Foundation in the United States. A deserialization vulnerability exists in Apache ActiveMQ NMS OpenWire Client versions prior to 2.1.1, which arises from unsafe deserialization of serialized data received by an application from a user and can be...
ZTE GoldenDB Information Disclosure Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An information leakage vulnerability exists in ZTE GoldenDB, which can b...
ZTE GoldenDB Denial of Service Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. A security vulnerability exists in ZTE GoldenDB, which can be exploited ...