130931 matches found
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06614)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
TOTOLINK A800R Command Execution Vulnerability
The TOTOLINK A800R is a wireless router manufactured by TOTOLINK. A command execution vulnerability exists in the TOTOLINK A800R. The vulnerability stems from a flaw in the processing of user input via the NoticeUrl parameter in the setNoticeCfg function, which can be exploited by an attacker to...
TOTOLINK A810R Buffer Overflow Vulnerability
The TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a buffer overflow vulnerability that originates from downloadFile.cgi failing to properly validate the length and size of input data, which can be exploited by an attacker to...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2025-06807)
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server version 11.7, which stems...
Moodle Permission Issues Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle has a permission issue vulnerability. The vulnerability stems from insufficient permission checking that allo...
WeGIA SQL Injection Vulnerability (CNVD-2025-22280)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...
Wyse Management Suite Information Disclosure Vulnerability
Wyse Management Suite is a software solution from Dell for managing and monitoring client devices and virtual desktop infrastructures. An information disclosure vulnerability exists in Wyse Management Suite. The vulnerability results in the disclosure of sensitive information due to a data query...
Payroll Management System SQL Injection Vulnerability (CNVD-2025-06475)
Payroll Management System is a payroll management system. A SQL injection vulnerability exists in Payroll Management System version 1.0 due to a lack of validation of externally entered SQL statements in the parameter emptype. An attacker can exploit this vulnerability to execute illegal SQL...
File Upload Vulnerability in MCMS of Jiangxi Mingsoft Technology Co.
MCMS is a lightweight, Java-based open source content management system. MCMS from Jiangxi Mingsoft Technology Co., Ltd. has a file upload vulnerability that an attacker can use to obtain control of the server...
HDF5 Double Free Vulnerability
HDF5 is an open source library from HDF. HDF5 has a double free vulnerability, which originates from the double free of the parameter mem of the function H5MM_realloc in the file src/H5MM.c. No detailed vulnerability details are provided...
Tenda W6-S setcfm function buffer overflow vulnerability
Tenda W6-S is a 300Mbps wireless panel AP designed for large households such as homes, hotels and villas to provide stable wireless network coverage and low latency network experience. The Tenda W6-S suffers from a buffer overflow vulnerability that originates from the setcfm function failing to...
HDF5 H5F__accum_free function buffer overflow vulnerability
HDF5 is an open source library from HDF. HDF5 has a buffer overflow vulnerability. The vulnerability stems from the H5F__accum_free function failing to correctly validate the length of the input data. An attacker can use this vulnerability to cause a denial of service...
HDF5 H5F_addr_encode_len function buffer overflow vulnerability
HDF5 is an open source library from HDF. HDF5 has a buffer overflow vulnerability. The vulnerability stems from the H5F_addr_encode_len function failing to correctly validate the length of the input data. An attacker can use this vulnerability to cause a denial of service...
TOTOLINK A3100R Code Execution Vulnerability
TOTOLINK A3100R is a series of wireless routers from China's Gion Electronics TOTOLINK. The TOTOLINK A3100R suffers from a code execution vulnerability that stems from setWebWlanIdx failing to properly filter special characters, commands, and so on when constructing commands. An attacker can exploit this...
PyTorch Denial of Service Vulnerability (CNVD-2025-23355)
PyTorch is an open source Python package from PyTorch. PyTorch suffers from a denial of service vulnerability caused by a floating point exception in the function torch.mkldnn_max_pool2d. An attacker can exploit this vulnerability to cause a denial of service...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a powerful continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from base64-encoded passwords being exposed in build logs. An attacker can exploit the vulnerabilit...
WeGIA SQL Injection Vulnerability (CNVD-2025-22279)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of the idfuncionario parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-22281)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability for which no detailed vulnerability details are currently available...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06618)
Dell Unity is a set of virtual Unity storage environments from Dell USA. Dell Unity suffers from an OS command injection vulnerability that can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06617)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from bandstr failing to correctly filter special characters, commands, etc. when constructing commands. An attacker can exploit this vulnerability to...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06620)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06622)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06621)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2025-13586)
JetBrains TeamCity is a powerful continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity suffers from an information disclosure vulnerability that stems from mishandling of an exception that results in the disclosure of credentials on the cloud...
Information Leakage Vulnerability in Network Intrusion Protection System of Beijing Shenzhou Green Alliance Technology Co.
Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. There is an information leakage vulnerability in the network intrusion prevention system of Beijing Shenzhou Green Alliance Technology Co. Ltd, which...
Tenda FH1202 Access Control Error Vulnerability (CNVD-2025-08907)
The Tenda FH1202 is a wireless router from Tenda China. The Tenda FH1202 has an access control error vulnerability that stems from improper access control. No detailed vulnerability details are available at this time...
HDF5 H5HL__fl_deserialize function heap buffer overflow vulnerability
HDF5 is an open source library from HDF. HDF5 suffers from a heap buffer overflow vulnerability. The vulnerability stems from the mishandling of the freeblock parameter by the H5HL__fl_deserialize function in the src/H5HLcache.c file. No detailed vulnerability details are provided at this time...
Tenda W6_S Buffer Overflow Vulnerability (CNVD-2025-08906)
Tenda W6S is a wireless router. The Tenda W6S suffers from a buffer overflow vulnerability that originates when the setlocaltime function processes the time parameter passed via a POST request without validating its length, resulting in a buffer overflow that can be...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-06619)
Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...
Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. Haozitong-Cloud Conference File Upload Vulnerability
GoodView-Cloud Conference is a network video conference product based on cloud computing technology. Haozitong-Cloud Conference from Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Apple macOS Sonoma Out-of-Bounds Read Vulnerability
Apple macOS Sonoma is a version of the Mac operating system released by Apple on June 5, 2023, featuring upgrades in personalized settings, video conferencing, the Safari browser, and the gaming experience. Apple macOS Sonoma suffers from an out-of-bounds read vulnerability that stems from...
Dell Unity OS Command Execution Vulnerability (CNVD-2025-08303)
Dell Unity is a mid-range storage array software from Dell EMC for data storage and management. Dell Unity suffers from an OS command execution vulnerability that can be exploited by an attacker to submit a special request to execute arbitrary commands...
WordPress Shuffle plugin SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Shuffle plugin suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements. An attacker can exploit this...
Apple macOS Sonoma Permission Issues Vulnerability
Apple macOS Sonoma is a version of the Mac operating system released by Apple on June 5, 2023, featuring upgrades in personalized settings, video conferencing, the Safari browser, and the gaming experience. Apple macOS Sonoma suffers from a privilege issue vulnerability that stems from gaining ro...
WordPress Blue Captcha plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. The WordPress Blue Captcha plugin has a cross-site scripting vulnerability that stems from the lack...
Google gVisor elevation of privilege vulnerability (CNVD-2025-07534)
Google gVisor is a container sandboxing technology developed by Google to provide greater isolation and security for containers. An elevation of privilege vulnerability exists in Google gVisor, which can be exploited by an attacker to access restricted files...
Netgear DC112A deviceName Command Injection Vulnerability
The Netgear DC112A is a wireless router. The Netgear DC112A suffers from a command injection vulnerability that originates in the usbadv.cgi handling of the deviceName parameter, which can be exploited by an attacker to submit a special request and execute arbitrary commands...
Apache Kylin Code Injection Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as multidimensional analytics support for Hadoop and Alluxio for very large datasets. A code injection vulnerability exists in Apache Kylin versions 4.0.0 through 5.0.1, which can be exploited b...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-08302)
Dell Unity is a mid-range storage array software from Dell EMC for data storage and management. Dell Unity suffers from an OS command injection vulnerability that can be exploited by an attacker to submit a special request to delete arbitrary files...
Dell Unity URL Redirection Vulnerability
Dell Unity is a mid-range storage array software from Dell EMC for data storage and management. Dell Unity suffers from a URL redirection vulnerability that stems from a URL redirection to an untrusted site, which could lead to a phishing attack. No details of the vulnerability are provided at th...
Zoom Workplace Denial of Service Vulnerability
Zoom Workplace is an AI-first collaboration platform from Zoom that integrates core features such as team communication, meetings, document collaboration, and a built-in AI Companion smart assistant to boost productivity. Zoom Workplace suffers from a denial-of-service vulnerability that stems fr...
Siemens Teamcenter Visualization and Siemens Tecnomatix Plant Simulation Resource Management Error Vulnerability
Siemens Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. The software simplifies the engineering and manufacturing process by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix...
Google Chrome Sandbox Escape Vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a sandbox escape vulnerability that stems from mishandling of a Mojo component resulting in a sandbox escape. An attacker can exploit this vulnerability to bypass the sandboxing system and execute arbitrar...
PDF-XChange Editor Out-of-Bounds Read Vulnerability (CNVD-2025-22249)
PDF-XChange Editor is a PDF file viewing software from PDF-XChange running on Microsoft Windows systems. PDF-XChange Editor suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current process...
Kentico Xperience Authentication Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that can be exploited by an attacker to gain control of managed objects...
Kentico Xperience Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary web...
Kentico Xperience Authentication Bypass Vulnerability (CNVD-2026-05134)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an authentication bypass vulnerability that can be exploited by an attacker to gain control of managed objects...
Bank Locker Management System search-report-details.php File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of the search-report-details.php file. An attacker ca...
Bank Locker Management System changeimage1.php File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid of the changeimage1.php file. An attacker can exploit...