Planet UNI-NMS-Lite Trust Management Issues Vulnerability
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite suffers from a trust management issue vulnerability that can be exploited by an attacker to submit a special reques...
Planet UNI-NMS-Lite Trust Management Issues Vulnerability
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite is vulnerable to a trust management issue that can be exploited by an attacker to submit a special request that can...
SQL Injection Vulnerability in Smart Reporting Online Business Hall of Xintian Technology Co.
Xintian Technology Co., Ltd. is a professional manufacturer and supplier of water meters, energy meters and gas meters. A SQL injection vulnerability exists in the Smart Reporting Online Business Office of Xintian Technology Company Limited, which can be exploited by attackers to obtain sensitive...
TOTOLINK A950RG NoticeUrl Parameter Arbitrary Command Execution Vulnerability
TOTOLINK A950RG is a gaming router and smart router that supports 2.4GHz and 5GHz dual band. The TOTOLINK A950RG suffers from a command execution vulnerability that originates from the NoticeUrl parameter in the setNoticeCfg function, which can be exploited by an attacker to execute arbitrary...
Unauthorized Access Vulnerability in H3C Magic NX15000 of Xinhua San Technologies Co.
The H3C Magic NX15000 is a 10 Gigabit Wi-Fi 6 router. An unauthorized access vulnerability exists in the H3C Magic NX15000 of Xinhua San Technologies, which can be exploited by attackers to obtain sensitive information...
Planet UNI-NMS-Lite System Command Injection Vulnerability
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite suffers from a command injection vulnerability that can be exploited by an attacker to submit a special request to...
Google ChromeOS Memory Misreference Vulnerability
Google ChromeOS is a lightweight, open source, Web-based operating system from Google. Google ChromeOS suffers from a memory misreference vulnerability that is caused by a flaw in ComponentInstaller. An attacker could exploit the vulnerability to intercept device management requests b...
Dell PowerScale OneFS Resource Consumption Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. A resource consumption vulnerability exists in Dell PowerScale OneFS that stems from uncontrolled resource consumption and can be exploited by an attacker to cause a denial of service...
Dell PowerScale OneFS Integer Overflow Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. Dell PowerScale OneFS suffers from an integer overflow vulnerability that stems from a failure to properly validate user input, which can be exploited by an attacker to cause a denial of service...
Dell PowerScale OneFS Default Password Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. Dell PowerScale OneFS suffers from a default password vulnerability that stems from the use of default passwords, which can be exploited by an attacker to take over an elevated privilege account...
Dell Trusted Device Elevation of Privilege Vulnerability
Dell Trusted Device is an application from Dell USA. An elevation of privilege vulnerability exists in Dell Trusted Device, which stems from a misconfiguration of the default privileges and can be exploited by an attacker to elevate privileges...
Dell Trusted Device Backlink Vulnerability
Dell Trusted Device is an application from Dell USA. Dell Trusted Device suffers from a backlink vulnerability that stems from improper link resolution and can be exploited by an attacker to cause an elevation of privilege...
Information Disclosure Vulnerability in Oracle E-Business Suite
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. An information disclosure vulnerability exists in Oracle User Management for Oracle E-Business Suite, which arises from a flaw in the search and register users component and can be exploited by a...
Denial of Service Vulnerability in Oracle Application Object Library
Oracle Application Object Library is a system management component of Oracle Corporation. A denial of service vulnerability exists in Oracle Application Object Library, which can be exploited by an attacker to cause a denial of service...
Google Chrome OS Out-of-Bounds Read Vulnerability
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an out-of-bounds read vulnerability that stems from a lack of proper validation of user-supplied data in ipsetbitmapip.c, which can be exploited by an attacker to cause memory...
D-Link DIR-816 A2 Command Injection Vulnerability
The D-Link DIR-816 A2 is a home and small office (SOHO) wireless router from D-Link. A command injection vulnerability exists in the D-Link DIR-816 A2. The vulnerability originates in the /goform/delRouting path. No vulnerability details are provided at this time...
SonicWall NetExtender Windows client Improper Link Resolution Vulnerability
SonicWALL NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from SonicWALL USA. The SonicWALL NetExtender Windows client suffers from an improper link resolution vulnerability that stems from improper link resolution, which can be exploited by an...
Command Execution Vulnerability in UFIDA U8Cloud at UFIDA Network Technology Co.
UFIDA U8Cloud is an enterprise-level ERP used to assist companies in achieving efficient and digitalized business collaboration and process management. A command execution vulnerability exists in UFIDA U8Cloud, which can be exploited by an attacker to execute arbitrary commands...
TOTOLINK N600R setWanConfig function buffer overflow vulnerability
The TOTOLINK N600R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N600R suffers from a buffer overflow vulnerability that originates from the macCloneMac parameter in the setWanConfig function failing to properly validate the length and size of the input data, which can...
TOTOLINK A810R Command Execution Vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a command execution vulnerability that stems from the failure of the NoticeUrl parameter in the setNoticeCfg function to correctly filter constructed command special character...
TOTOLINK X18 Command Execution Vulnerability
The TOTOLINK X18 is a wireless router from TOTOLINK that provides a high-speed and stable wireless network connection. The TOTOLINK X18 suffers from a command execution vulnerability that originates in the enable parameter of the sub41105C function of the cstecgi.cgi file. An attacker can exploit...
Tenda AC10 serverName2 parameter buffer overflow vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability that originates from the serverName2 parameter in AdvSetMacMtuWan failing to properly validate the length and size of the input data, which can be exploited by an attack...
Tenda AC10 mac2 parameter buffer overflow vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability that originates from the mac2 parameter in AdvSetMacMtuWan failing to properly validate the length and size of the input data, which can be exploited by an attacker to...
Tenda AC10 wanSpeed2 Parameter Buffer Overflow Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability that stems from the wanSpeed2 parameter in AdvSetMacMtuWan failing to correctly validate the length and size of the input data, which can be exploited by an attacker to...
Tenda AC10 cloneType2 parameter buffer overflow vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. The Tenda AC10 suffers from a buffer overflow vulnerability that stems from the cloneType2 parameter in AdvSetMacMtuWan failing to correctly validate the length and size of the input data, which can be exploited by an attacker to...
IBM Sterling Control Center Cross-Site Scripting Vulnerability (CNVD-2025-09285)
IBM Sterling Control Center is a centralized monitoring and management application system from International Business Machines (IBM). IBM Sterling Control Center suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
IBM Aspera Console Encryption Issue Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM) that allows users to centrally manage, monitor and control Aspera server nodes and transports. An encryption issue vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from the use of a...
Apache Roller Code Issue Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Foundation of the United States. A code issue vulnerability exists in Apache Roller 6.1.4 and earlier versions, which stems from a password change that does not properly invalidate the session and can be exploited ...
Edimax BR-6478AC formDiskCreateGroup function command execution vulnerability
Edimax BR-6478AC is a dual-band Gigabit router from China Xunzhou Edimax. The Edimax BR-6478AC suffers from a command execution vulnerability that originates from the groupname parameter in /boafrm/formDiskCreateGroup failing to correctly filter command-construction special characters, commands, etc...
Google Chrome OS Information Disclosure Vulnerability (CNVD-2025-09152)
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an information disclosure vulnerability that stems from a failure to properly tunnel DNS traffic during VPN state transitions, for which no detailed vulnerability details are...
Google Chrome OS Access Control Error Vulnerability (CNVD-2025-09151)
Google Chrome OS is a lightweight, open source, web-based operating system from Google. Google Chrome OS suffers from an Access Control Error vulnerability that stems from insufficient configuration access control in the Gerrit project, which can be exploited by an attacker to cause remote code...
FoxCMS Field.php File SQL Injection Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A SQL injection vulnerability exists in FoxCMS 1.25 and previous versions, which stems from the $param title parameter in /admin/util/Field.php lacking validation of externally supplied SQL statements. An attacker...
GNU Mailman Command Injection Vulnerability
GNU Mailman is a mailing list management software commonly used to create, manage and maintain mailing lists. A command injection vulnerability exists in GNU Mailman. The vulnerability stems from a failure to properly filter shell metacharacters in the subject line of an email message. An attacke...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14963)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query the total energy consumption information of any...
TOTOLINK N600R setWiFiWpsConfig function buffer overflow vulnerability
The TOTOLINK N600R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N600R suffers from a buffer overflow vulnerability that stems from the pin parameter in the setWiFiWpsConfig function failing to properly validate the length and size of the input data, which can be exploited...
D-Link DIR-832x 0x417234 Function Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-832x suffers from a command injection vulnerability that stems from the failure of function 0x417234 to correctly filter special characters, commands, and so on used to construct commands. An attacker can exploit this...
D-Link DIR-832x 0x42232c Function Command Injection Vulnerability
The D-Link DIR-832x is a wireless router from China's AUO D-Link. The D-Link DIR-832x suffers from a command injection vulnerability that stems from the macaddr key value and the function 0x42232c failing to properly filter special characters, commands, and so on used to construct commands. An attacker...
D-Link DIR-832x 0x41dda8 Function Code Injection Vulnerability
The D-Link DIR-832x is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-832x, which stems from the function 0x41dda8 failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit this vulnerability to...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14964)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a list of smart devices via a valid username...
TOTOLINK EX1200T Code Execution Vulnerability
The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. A code execution vulnerability exists in the TOTOLINK EX1200T. The vulnerability stems from the FileName parameter in the setUpgradeFW function for...
TOTOLINK EX1200T Command Execution Vulnerability
The TOTOLINK EX1200T is a wireless router from TOTOLINK that offers convenient network connectivity and management features. The TOTOLINK EX1200T suffers from a command execution vulnerability that originates from the presence of a pre-authenticated remote command execution of the webWlanIdx...
TOTOLINK A800R Buffer Overflow Vulnerability
TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK A800R suffers from a buffer overflow vulnerability that stems from downloadFile.cgi failing to properly validate the length and size of the input data. No details of the vulnerability are provided at this time...
Mattermost Mobile Apps Information Disclosure Vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. Mattermost Mobile Apps suffers from an information disclosure vulnerability that stems from a failure to properly terminate a session when logging out, which can be exploited by an attacker to disclose sensitive...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's plant list by username...
Ivanti LANDesk Management Gateway Directory Traversal Vulnerability
Ivanti LANDesk Management Gateway is a solution for remote management and control of IT devices, primarily designed to simplify the management and maintenance of devices in corporate environments. A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway. The vulnerability...
Growatt Cloud Applications Authorization Bypass Vulnerability (CNVD-2025-14960)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's email by knowing the username, resulting in a...
Growatt Cloud Applications Authorization Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain restricted information about a user's smart devic...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain information about another user's electric vehic...
Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962)
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to add another user's device to a scenario...
Growatt Cloud Applications Information Disclosure Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...