ZTE GoldenDB SQL Injection Vulnerability (CNVD-2025-10854)
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a SQL injection vulnerability, which can be...
ZTE GoldenDB SQL Injection Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a SQL injection vulnerability that originates...
SQL Injection Vulnerability in U8Cloud of UFIDA Network Technology Co.
U8cloud is a new-generation cloud ERP launched by UFIDA, which mainly focuses on growing and innovative enterprises and provides enterprise-level cloud ERP total solutions. A SQL injection vulnerability exists in UFIDA U8Cloud, which can be exploited by attackers to obtain sensitive database...
Dell PowerProtect Data Manager Reporting Information Disclosure Vulnerability
Dell PowerProtect Data Manager Reporting is a data protection management software. An information disclosure vulnerability exists in Dell PowerProtect Data Manager Reporting, which arises from the program's failure to properly handle template input and can be exploited by an attacker to obtain...
Unspecified Vulnerability in JetBrains Rider
JetBrains Rider is a cross-platform .NET integrated development environment (IDE) from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider that stems from a custom archive unpacker allowing arbitrary file overwrites during a remote debugging session, which can be exploit...
WordPress plugin Add custom page template code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Add custom...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2025-09283)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
Siemens OpenV2G Buffer Overflow Vulnerability
Siemens OpenV2G is an open source implementation of a V2G infrastructure component from Siemens, Germany. A buffer overflow vulnerability exists in Siemens OpenV2G. The vulnerability is due to a lack of length checking by the OpenV2G EXI parsing function when parsing X509 serial numbers. An...
D-Link DWR-M961 Buffer Overflow Vulnerability
The D-Link DWR-M961 is a router from China-based AUO D-Link. The D-Link DWR-M961 suffers from a buffer overflow vulnerability that originates from the parameter Hostname in the file /boafrm/formStaticDHCP that fails to properly validate the length of the input data, which can be exploited by an...
ZTE GoldenDB Input Validation Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An input validation vulnerability exists in ZTE GoldenDB, which can be...
IBM i Content Neutralization Misconduct Vulnerability
IBM i is a suite of operating systems from International Business Machines (IBM) running in IBM Power Systems and IBM PureSystems. IBM i suffers from a Content Neutralization Malpractice vulnerability that originates from an HTTP header Content Neutralization Malpractice, which can be exploited by a...
PyTorch Remote Command Execution Vulnerability
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a system...
Tenable Network Security Nessus Elevation of Privilege Vulnerability
Tenable Network Security Nessus is a network vulnerability scanning tool developed by Tenable Network Security to detect security vulnerabilities and configuration errors in operating systems, network devices, and applications. Tenable Network Security Nessus suffers from an elevation of privileg...
ZTE GoldenDB Access Control Error Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An Access Control Error vulnerability exists in ZTE GoldenDB, which stem...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a log information...
ZTE GoldenDB DDE Injection Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. ZTE GoldenDB suffers from a DDE injection vulnerability, which can be...
TOTOLINK N150RT /boafrm/formWdsEncrypt File Buffer Overflow Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the parameter submit-url in the file /boafrm/formWdsEncrypt failing to correctly validate the length and size of the input data,...
Patient Record Management System edit_rpatient.php.php file SQL injection vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter id/lastname in file /editrpatient.php.php. An attacker...
TOTOLINK N150RT /boafrm/formVlan file buffer overflow vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file /boafrm/formVlan failing to properly validate the length and size of the input data, which can be...
TOTOLINK N150RT Command Injection Vulnerability (CNVD-2025-09944)
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a command injection vulnerability that stems from the parameter localPin in the file /boafrm/formWsc failing to correctly filter constructed command special characters, commands, and ...
TOTOLINK N150RT /boafrm/formStaticDHCP File Buffer Overflow Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the parameter Hostname in the file /boafrm/formStaticDHCP that fails to correctly validate the length and size of the input data,...
TOTOLINK N150RT /boafrm/formPortFw File Buffer Overflow Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the parameter servicetype in the file /boafrm/formPortFw that fails to properly validate the length of the input data, which can b...
JetBrains TeamCity Path Traversal Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A path traversal vulnerability exists in JetBrains...
Binary Vulnerability in Damon New Cloud Cache Database of Wuhan Damon Database Co.
Damon New Cloud Cache Database is a self-developed Key-Value database that is deeply compatible with native Redis. A binary vulnerability exists in the Damon New Cloud Cache Database of Wuhan Damon Database Co. Ltd, which can be exploited by attackers to cause a denial of service...
Moodle Information Disclosure Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that originates from a specific API call that discloses sensitive...
WordPress Add Google +1 plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Add Google...
WordPress Plugin 1 Decembrie 1918 Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
WordPress plugin Able Player cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Able Playe...
Unspecified Vulnerability in Tenable Network Security Nessus
Tenable Network Security Nessus is a network vulnerability scanning tool developed by Tenable Network Security to detect security vulnerabilities and configuration errors in operating systems, network devices, and applications. Tenable Network Security Nessus contains a security vulnerability tha...
Dell RecoverPoint for Virtual Machines Command Execution Vulnerability
Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. A command execution vulnerability exists in Dell RecoverPoint for Virtual Machines. An attacker could use this vulnerability to modify the configuration and gain access to...
Tenda AC15 Buffer Overflow Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 15.03.05.19 and earlier versions suffer from a buffer overflow vulnerability, which originates from the mac parameter of the function fromSetWirelessRepeat in the file /goform/WifiExtraSet failing to correctly validate...
WordPress Plugin Aeropage Sync for Airtable Has Unspecified Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin abcsubmit code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress Plugin Aeropage Sync for Airtable File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A file upload vulnerability...
TOTOLINK N150RT Buffer Overflow Vulnerability
The TOTOLINK N150RT is a wireless router from TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that stems from improper handling of the parameter submit-url in the file /boafrm/formWsc. No details of the vulnerability are provided at this time...
TOTOLINK N150RT /boafrm/formWlwds File Buffer Overflow Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a buffer overflow vulnerability that originates from the failure of the parameter submit-url in the file /boafrm/formWlwds to correctly validate the length and size of the input data,...
Rail Pass Management System /admin/search-pass.php File SQL Injection Vulnerability
Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that occurs when the searchdata parameter in the /admin/search-pass.php file is not properly filtered. An attacker can exploit this vulnerability to obtain...
Moodle Authorization Issues Vulnerability (CNVD-2025-09238)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from insufficient proficiency checks in certain grade...
GNU GRUB Buffer Overflow Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which stems from an integer overflow problem contained in the read module, that can be exploited by an attacker to overwrite sensitive information, thereby bypassing secure boot...
Command Execution Vulnerability in H3C Magic NX15000 10 Gigabit Wi-Fi 6 Router from Xinhua San Technology Co.
The H3C Magic NX15000 10 Gigabit Wi-Fi 6 Router is a high-end router for users and groups seeking whole-house coverage and high-quality networking. A command execution vulnerability exists in the H3C Magic NX15000 10 Gigabit Wi-Fi 6 Router from Xinhua San Technologies Co. that can be exploited by...
Logic Flaw Vulnerability in MSS Streaming Media Server at Suzhou Kodak Technology Co.
Ltd. is a leading provider of video and security products and solutions. A logic flaw vulnerability exists in the MSS streaming media server of Suzhou Kedar Technology Co. Ltd. that can be exploited by an attacker to illegally create a new user account and elevate privileges during login...
GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-09673)
GNU GRUB2 is a Linux system bootloader from the GNU community. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from the jfs file system module not properly checking for integer overflow issues, which can be exploited by an attacker to cause a heap out-of-bounds write issue that...
GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-09674)
GNU GRUB2 is a Linux system bootloader from the GNU community. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from the reiserfs fs module not properly checking for integer overflow issues, which can be exploited by an attacker to cause a heap out-of-bounds write, corrupt critic...
GNU Mailman Directory Traversal Vulnerability (CNVD-2025-09675)
GNU Mailman is a free suite of software for managing email discussions and email lists from the GNU community in the United States. GNU Mailman suffers from a directory traversal vulnerability that originates from a directory traversal that results in arbitrary file reads. An attacker could use t...
GNU Mailman Unauthorized List Creation Vulnerability (CNVD-2025-09676)
GNU Mailman is a free suite of software for managing e-mail discussions and e-mail lists from the American GNU community. An unauthorized list creation vulnerability exists in GNU Mailman, which stems from unauthorized creation of lists and could lead to resource abuse. No details of the...
Information Leakage Vulnerability in NetDrive Unified Communication Platform of Beijing NetDrive Network Technology Co.
Ltd. is the industry's leading provider of "Xinchuang - Digital Intelligence" video products and solutions. An information leakage vulnerability exists in the NetDrive Unified Communications Platform of Beijing NetDrive Network Technology Co., Ltd, which can be exploited by attackers to obtain...
Google Android Information Disclosure Vulnerability
Google Android is a Linux-based operating system from the American company Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of permission checking to access media content belonging to other users, which can be exploited by an attacker to obtain...
Google Android Elevation of Privilege Vulnerability
Google Android is a Linux-based operating system from the American company Google. Google Android suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking and can be exploited to bypass the read permission of a content provider. An attacker can exploit the...
Tenda W12/i24 Stack Overflow Vulnerability
The Tenda W12 and i24 are wireless routers made by Tenda. A stack overflow vulnerability exists in Tenda W12 and i24. The vulnerability originates from the function cgiPingSet in the /bin/httpd file. No vulnerability details are available at this time...