Cisco IOS XR Denial of Service Vulnerability (CNVD-2025-15800)
Cisco IOS XR is an operating system developed by the American company Cisco for its network devices. A denial of service vulnerability exists in Cisco IOS XR. The vulnerability stems from the incorrect handling of malformed IKEv2 packets. An attacker could exploit the vulnerability to cause a...
Siemens SCALANCE LPE9403 Elevation of Privilege Vulnerability
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. An elevation of privilege vulnerability exists in the Siemens SCALANCE LPE9403, which can be exploited by an attacker to...
WordPress WP JobHunt plugin wp_ajax_google_api_login_callback function authentication error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP JobHunt...
Tenda AC6 fromAddressNat function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 v15.03.05.16, which is caused by the fromAddressNat function failing to correctly validate the length of input data, and can be exploited by an attacker to execute arbitrary code...
Tenda AC6 formWifiWpsOOB function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. Tenda AC6 v15.03.05.16 suffers from a buffer overflow vulnerability, which stems from the formWifiWpsOOB function failing to correctly validate the length of the input data, which can be exploited by an attacker to execute arbitra...
Tenda AC6 formSetSpeedWan function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. Tenda AC6 v15.03.05.16 suffers from a buffer overflow vulnerability, which stems from the formSetSpeedWan function failing to correctly validate the length of the input data, which can be exploited by an attacker to execute...
Tenda AC9 formWifiWpsOOB function buffer overflow vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. Tenda AC9 suffers from a buffer overflow vulnerability that stems from the formWifiWpsOOB function failing to properly validate the length of the input data. No details of the vulnerability are provided at this time...
Tenda AC9 formAdvSetMacMtuWan function wanSpeed parameter buffer overflow vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that arises from the wanSpeed parameter of the formAdvSetMacMtuWan function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Tenda AC9 formAdvSetMacMtuWan function cloneType parameter buffer overflow vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that arises from the cloneType parameter of the formAdvSetMacMtuWan function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Human Metapneumovirus Testing Management System /password-recovery.php File SQL Injection Vulnerability
Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. A SQL injection vulnerability exists in the Human Metapneumovirus Testing Management System due to a lack of validation of an externally-entered SQL statement in the parameter username in the...
D-Link DIR-823G License Issue Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from an authorization issue vulnerability that stems from improper authorization. No details of the vulnerability are provided at this time...
D-Link DIR-823G License Issue Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from an authorization issue vulnerability that stems from improper authorization and can be exploited by an attacker to cause access control to sensitive content...
Apartment Visitors Management System username parameter SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement for the parameter username. An attacker can exploit this...
Dell SmartFabric OS10 Command Injection Vulnerability
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. A command injection vulnerability exists in Dell SmartFabric...
Dell SmartFabric OS10 Server-Side Request Forgery Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell. Dell SmartFabric OS10 suffers from a server-side request forgery vulnerability, which stems from the server not implementing an adequate authentication mechanism to confirm the origin of the request, and can be...
Curfew e-Pass Management System /admin/search-pass.php File SQL Injection Vulnerability
Curfew e-Pass Management System is an electronic pass management system. The Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /admin/search-pass.php file parameter searchdata. An...
Doctor Appointment Management System /doctor/search.php File SQL Injection Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the searchdata parameter of file /doctor/search.php. An...
Apartment Visitors Management System visname Parameter SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter visname. An attacker can exploit this...
Apartment Visitors Management System mobilenumber parameter SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber of file /admin-profile.php...
TOTOLINK EX1800T setPasswordCfg function buffer overflow vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a buffer overflow vulnerability that stems from the setPasswordCfg function failing to properly validate the length and size of the input data, which can be exploited by an...
TOTOLINK EX1800T setWiFiExtenderConfig function buffer overflow vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. The TOTOLINK EX1800T suffers from a buffer overflow vulnerability that originates from the setWiFiExtenderConfig function failing to correctly validate the length and size of the input data, which can be...
Online Class and Exam Scheduling System salut_del.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that originates from the parameter id of /pages/salutdel.php that lacks validation of externally entered SQL statements. An...
Dell SmartFabric OS10 Command Injection Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell. Dell SmartFabric OS10 suffers from a command injection vulnerability that originates from improper neutralization of special elements in a command, which can be exploited by an attacker to cause a command to be...
DELL SmartFabric OS10 Hardcoded Password Vulnerability
DELL SmartFabric OS10 Software is a software-defined network operating system from Dell Networks, based on Linux and open source technologies, and is primarily used to enable flexible management and automated deployment of data center network resources. DELL SmartFabric OS10 suffers from a...
Dell SmartFabric OS10 Mismanagement of Privileges Vulnerability
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. A mismanagement of privileges vulnerability exists in Dell...
Dell SmartFabric OS10 Command Injection Vulnerability (CNVD-2025-15192)
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. Dell SmartFabric OS10 suffers from a command injection...
Dell SmartFabric OS10 Elevation of Privilege Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell. A security vulnerability exists in Dell SmartFabric OS10 that originates from an unwanted privilege execution that can be exploited by an attacker to cause an elevation of privilege...
Online Class and Exam Scheduling System exam_save.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters member and first of...
Online Class and Exam Scheduling System program.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id, code, and name ...
Online Class and Exam Scheduling System room.php File Cross-Site Scripting Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id and rome of...
Online Class and Exam Scheduling System profile.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. A cross-site scripting vulnerability exists in Online Class and Exam Scheduling System, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters memberfirst and...
DELL SmartFabric OS10 Default Password Vulnerability
DELL SmartFabric OS10 Software is a software-defined network operating system from Dell Networks, based on Linux and open source technologies, and is primarily used to enable flexible management and automated deployment of data center network resources. DELL SmartFabric OS10 suffers from a defaul...
Human Metapneumovirus Testing Management System /check_availability.php File SQL Injection Vulnerability
Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter...
Tenda AC9 formAdvSetMacMtuWan function wanMTU parameter buffer overflow vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that originates from the wanMTU parameter of the formAdvSetMacMtuWan function failing to properly validate the length of the input data, which can be exploited by an attacker t...
Tenda AC9 formAdvSetMacMtuWan Buffer Overflow Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC9 formAdvSetMacMtuWan, which originates from the mac parameter of the formAdvSetMacMtuWan function failing to correctly validate the length and size of the input data, and can be...
Dell SmartFabric OS10 Licensing Issues Vulnerability
Dell SmartFabric OS10 is a Linux-based network switch operating system from Dell. Dell SmartFabric OS10 suffers from an authorization issue vulnerability that stems from improper privilege assignment, which can be exploited by an attacker to cause elevation of privilege...
Human Metapneumovirus Testing Management System /profile.php File SQL Injection Vulnerability
Human Metapneumovirus Testing Management System is a human metapneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter...
Dell SmartFabric OS10 Command Injection Vulnerability (CNVD-2025-15191)
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. Dell SmartFabric OS10 suffers from a command injection...
Dell SmartFabric OS10 Command Injection Vulnerability (CNVD-2025-15193)
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. Dell SmartFabric OS10 suffers from a command injection...
IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer Unspecified Vulnerability (CNVD-2025-05561)
IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines (IBM). IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources. IBM InfoSphe...
Company Visitor Management System /index.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter username in the /index.php file of the component Sign In against an externally-entered SQL...
Modern Bag login.php File SQL Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters userEmail/userPassword in the /login.php file. An attacker can exploit this vulnerability to execute...
Online Class and Exam Scheduling System activate.php File SQL Injection Vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. The Online Class and Exam Scheduling System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter id of /pages/activate.php. An...
Online Class and Exam Scheduling System class.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id and cys in...
WordPress ShareThis Dashboard for Google Analytics plugin authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An authorization issue...
Online Class and Exam Scheduling System department.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters id, code, and name ...
Linux kernel infinite loop vulnerability (CNVD-2025-05315)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an infinite loop vulnerability that stems from a namespace disablement that can lead to a crash. The vulnerability can be exploited by an attacker to...
Linux kernel resource management error vulnerability (CNVD-2025-05379)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a resource management error vulnerability that stems from an SST write failure, which could lead to a kernel crash. The vulnerability can be exploited...
Tenda AC8 Buffer Overflow Vulnerability (CNVD-2025-05398)
Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC8, which stems from a buffer overflow vulnerability in the shareSpeed parameter of the sub49E098 function. An attacker could exploit this vulnerability to corrupt memory and...
Linux kernel improper locking vulnerability (CNVD-2025-05376)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an improper locking vulnerability that stems from arenamapfree on a 64k page kernel that could lead to a soft lock. The vulnerability can be exploited...