Yonyou UFIDA ERP-NC /login.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is enterprise resource planning (ERP) software, mainly used for enterprise financial management, supply chain management, production management and customer relationship management. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Kentico Xperience has an unspecified vulnerability
Kentico Xperience is a digital experience platform from Kentico. A security vulnerability exists in Kentico Xperience that can be exploited by an attacker to cause path traversal and arbitrary file uploads, including content that can be executed server-side, leading to remote code execution...
Bank Locker Management System profile.php file SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the profile.php file's parameter mobilenumber. An attacker can exploit this...
Bank Locker Management System changeidproof.php File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the editid parameter of the changeidproof.php file. An attacker can exploit thi...
Arbitrary File Read Vulnerability in NCC Data Source Configuration Center of New Way Technology Co.
Xindao Technology Co., Ltd. is a company primarily engaged in the software and information technology service industry. An arbitrary file read vulnerability exists in the NCC Data Source Configuration Center of New Way Technology Co. Ltd. that can be exploited by attackers to obtain sensitive...
Yonyou UFIDA ERP-NC /menu.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is enterprise resource planning (ERP) software, mainly used for enterprise financial management, supply chain management, production management and customer relationship management. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Yonyou UFIDA ERP-NC /help/top.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is enterprise resource planning (ERP) software, mainly used for enterprise financial management, supply chain management, production management and customer relationship management. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...
Yonyou UFIDA ERP-NC /help/systop.jsp file cross-site scripting vulnerability
Yonyou UFIDA ERP-NC is enterprise resource planning (ERP) software, mainly used for enterprise financial management, supply chain management, production management and customer relationship management. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability, whi...
AC8 Buffer Overflow Vulnerability (CNVD-2025-07592) in Shenzhen Jixiang Tengda Technology Co.
Shenzhen Jixiang Tengda Technology Co., Ltd AC8 is a wireless router. It has a buffer overflow vulnerability that stems from the SetRouteStatic function failing to correctly validate the length and size of the input data. An attacker can us...
D-Link DIR-823X Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from the application failing to properly filter special characters, commands, and similar elements in constructed commands. No details of the vulnerability are provided...
Bank Locker Management System edit-locker.php?ltid=6 File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the lockersize parameter of the edit-locker.php?ltid=6 file. An attacker c...
Tenda AC7 Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a buffer overflow vulnerability that originates from the formWifiBasicSet function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to execute arbitra...
TOTOLINK A3000RU Access Control Error Vulnerability
The TOTOLINK A3000RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3000RU suffers from an Access Control Error vulnerability that originates from improper access control in the Syslog profile handling component in the file /cgi-bin/ExportSyslog.sh. No details of the...
Mattermost Mobile Apps Denial of Service Vulnerability
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A denial of service vulnerability exists in Mattermost Mobile Apps version 2.25.0, which stems from an improperly validated GIF image, and can be exploited by an attacker to crash an Android application via a message...
Siemens Teamcenter Visualization and Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability
Siemens Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. The software simplifies the engineering and manufacturing process by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix...
GPT Academic Denial of Service Vulnerability (CNVD-2025-22736)
GPT Academic provides a practical interaction interface for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a denial of service vulnerability that stems from the use of insecure regular expressions. An attacker could exploit this vulnerability to cause a regular...
Doctor Appointment Management System appointment-bwdates-reports-details.php file SQL injection vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter fromdate/todate of...
Art Gallery Management System edit-art-product-detail.php file SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editide/sprice/description of...
Art Gallery Management System edit-artist-detail.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Name of /admin/edit-artist-detail.php?editid=1. An attacker...
Art Gallery Management System edit-art-type-detail.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements for the parameter arttype in /admin/edit-art-type-detail.php?editid=1. An...
Bank Locker Management System search-locker-details.php File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...
Apache Commons VFS Path Traversal Vulnerability
Apache Commons VFS is a virtual file system library from the Apache Software Foundation (USA). A path traversal vulnerability exists in Apache Commons VFS versions prior to 2.10.0, which stems from the program's failure to properly filter special elements in a resource or file path. An attacker could explo...
Art Gallery Management System Cross-Site Scripting Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter artname of /product.php, which can be exploited by...
Zoo Management System login.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the parameter Username in /admin/login.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute...
Art Gallery Management System admin-profile.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contactnumber of /admin/admin-profile.php. An attacker can...
Art Gallery Management System view-enquiry-detail.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the viewid parameter of /admin/view-enquiry-detail.php against an externally entered SQL statement. An attacke...
Art Gallery Management System search.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search of /search.php. An attacker can exploit this...
SAP NetWeaver Server ABAP Information Disclosure Vulnerability (CNVD-2025-07609)
SAP NetWeaver Server ABAP is an application server from SAP Germany. An information disclosure vulnerability exists in SAP NetWeaver Server ABAP. The vulnerability stems from the server generating different responses depending on the presence or absence of a particular user, thereby disclosing...
SAP Web Dispatcher and SAP Internet Communication Manager Log Information Disclosure Vulnerability
SAP Web Dispatcher and SAP Internet Communication Manager (SAP ICM) are both products of SAP, Germany. SAP Web Dispatcher is a core load balancing component that also provides reverse proxy functionality to enable external users to access internal applications. SAP...
SAP CRM and SAP S/4HANA server-side request forgery vulnerability (CNVD-2025-07595)
SAP CRM and SAP S/4HANA are both products of SAP. SAP CRM is a customer relationship management system, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP CRM and SAP S/4HANA suffer from a server-side request forgery vulnerability, which stems fr...
SAP Business Objects Business Intelligence Platform Information Disclosure Vulnerability (CNVD-2025-07542)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. An information disclosure vulnerability exists in SAP Business Objects Business Intelligence Platform, which stems from the application's inadequate...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2025-07541)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. SAP Business Objects Business Intelligence Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
Siemens Teamcenter Visualization and Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability (CNVD-2025-09959)
Siemens Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. The software simplifies the engineering and manufacturing process by creating virtual prototypes from a variety of mechanical computer-aided design (MCAD) formats. Siemens Tecnomatix...
Siemens SCALANCE LPE9403 Operating System Command Injection Vulnerability (CNVD-2025-09962)
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. The Siemens SCALANCE LPE9403 6GK5998-3GS00-2AC2 suffers from an operating system command injection vulnerability that...
Logic Flaw Vulnerability in H3C Magic R3010 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technology Co.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A logic flaw vulnerability exists in the H3C Magic R3010 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technologies Limited, which can be exploited by an attacker to gain control of the server...
Unspecified Vulnerability in SAP S/4HANA (CNVD-2025-08314)
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from a lack of authorization checking, which could be exploited by an attacker to gain unauthorized access to...
IBM Security ReaQta Code Issue Vulnerability
IBM Security ReaQta is an AI-driven autonomous detection and response platform from International Business Machines (IBM). IBM Security ReaQta version 3.12 suffers from a code issue vulnerability that stems from the application's lack of effective validation of uploaded files. An attacker can exploit the...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-06305)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-06304)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
lunary information disclosure vulnerability (CNVD-2025-08308)
lunary is an open-source production toolkit for LLMs. An information disclosure vulnerability exists in lunary that stems from a GET /projects API endpoint exposing all project public and private API keys to users with least privileges, which can be exploited by an attacker to obtain...
ChuanhuChatGPT Denial of Service Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A denial of service vulnerability exists in ChuanhuChatGPT version 20240918, which can be exploited by an attacker to cause the system to...
IBM InfoSphere Information Server Authorization Issues Vulnerability (CNVD-2025-06810)
IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data obtained from various sources. An authorization issue vulnerability exists in IBM InfoSphere Information Server version 11.7 th...
Fortinet FortiClientMAC Code Execution Vulnerability
Fortinet FortiClientMAC is a security tool for the macOS platform from the U.S. company Fortinet. A code execution vulnerability exists in Fortinet FortiClientMAC that originates from an external control of a file name or path, which can be exploited by a local attacker to execute arbitrary co...
Apple macOS Sequoia Information Disclosure Vulnerability
Apple macOS Sequoia is an operating system announced by Apple at the WWDC24 developer conference on June 10, 2024, with the official version launched in the fall of the same year, primarily for Mac devices, emphasizing cross-device collaboration and integration of AI functionality to significantl...
Unspecified Vulnerability in GPT Academic
GPT Academic provides a practical interaction interface for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a security vulnerability that originates from a specially crafted zip bomb upload that can be exploited by an attacker to cause a memory exhaustion crash...
GPT Academic Server-Side Request Forgery Vulnerability
GPT Academic provides a practical interaction interface for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a server-side request forgery vulnerability that can be exploited by an attacker to cause an application to access any URL, including internal services, and...
GPT Academic Resource Management Error Vulnerability
GPT Academic provides a practical interaction interface for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a resource management error vulnerability that stems from an excessive number of characters at the end of a multi-part boundary during a file upload that caus...
ChuanhuChatGPT File Inclusion Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A file inclusion vulnerability exists in ChuanhuChatGPT version d4ec6a3, which stems from the gr.JSON component not effectively filtering cal...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-06306)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
HDF5 H5T__bit_copy function buffer overflow vulnerability
HDF5 is an open-source library from HDF. HDF5 has a buffer overflow vulnerability that stems from the H5T__bit_copy function failing to correctly validate the length of the input data. An attacker can use this vulnerability to cause a denial of service...