Command Execution Vulnerability in the Management Panel of Car Park Server of Xiamen KTO Communication Technology Co.
Xiamen KTO Communication Technology Co., Ltd. is a professional smart parking solution provider, focusing on the smart parking industry for many years. A command execution vulnerability exists in the management panel of the car park server of Xiamen KTO Communication Technology Co. Ltd, which can...
IBM EntireX Information Disclosure Vulnerability (CNVD-2025-06204)
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. An information disclosure vulnerability exists in IBM EntireX version 11.1, which is caused by an error...
TRENDnet TEW-929DRU /captive_portal.htm page cross-site scripting vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the ssid key of the wifidata parameter on the /captive_portal.htm page, which...
Tenda TX3 setNetControllist function buffer overflow vulnerability
Tenda TX3 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda TX3 16.03.13.11multi, which originates when the parameter list of /goform/setNetControllist fails to correctly validate the length of the input data, and can be exploited by an attacker t...
Google ChromeOS Elevation of Privilege Vulnerability
Google ChromeOS is a web-based, lightweight, open source operating system from Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from elevation of privilege in the installer and recovery image handling, which can be exploited by an attacker to cause...
IBM Concert Brute Force Exploit
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. A brute force vulnerability exists in IBM Concert version 1.0.5 that stems from insufficient account lockout settings and can be exploited by an attack...
Tenda AC7 Command Injection Vulnerability (CNVD-2025-05230)
Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the TendaTelnet function in the /goform/telnet file failing to properly filter command-construction special characters, commands, et...
IBM MQ Code Execution Vulnerability (CNVD-2025-05563)
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A code execution vulnerability exists in IBM MQ that stems from improper escape character...
IBM MQ Code Issues Vulnerabilities
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A code issue vulnerability exists in IBM MQ that stems from improper exception condition checking and...
Art Gallery Management System Cross-Site Scripting Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System version 1.0 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter, which can be exploited by an...
IBM Cognos Analytics Path Traversal Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A path traversal...
Samsung Notes Binary Application Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability, which arises from an out-of-bounds read when drawing the content binary application, and can be...
Samsung Notes wbmp Image Parsing Function Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. An out-of-bounds read vulnerability exists in Samsung Notes, which stems from a lack of proper validation of user-supplied data when parsing wbmp images, and can be...
Samsung Notes Out-of-Bounds Read Vulnerability (CNVD-2025-12770)
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability, which arises from an out-of-bounds read when the base content extra data is applied, and can be...
SAMSUNG Notes Out-of-Bounds Read Vulnerability (CNVD-2025-24716)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to read out-of-bounds memory...
Samsung Notes bmp Image Parsing Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. An out-of-bounds read vulnerability exists in Samsung Notes, which stems from a lack of proper validation of user-supplied data when parsing bmp images, and can be...
Samsung Notes Out-of-Bounds Read Vulnerability (CNVD-2025-12768)
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability, which originates from an out-of-bounds read in a text content binary application, and can be exploited...
Samsung Notes Access Control Error Vulnerability
Samsung Notes is an application from the South Korean company Samsung. An access control error vulnerability exists in Samsung Notes that stems from improper access control and can be exploited by an attacker to access data in multiple user profiles...
Samsung Notes Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability that originates from an out-of-bounds read when text data is applied binary, which can be exploited by ...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24718)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to read out-of-bounds memory...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24719)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24715)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. An out-of-bounds read vulnerability exists in SAMSUNG Notes, which can be exploited by an attacker to read out-of-bounds memory...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24714)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to read out-of-bounds memory...
Ubiquiti UniFi Protect Cameras Code Execution Vulnerability
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24713)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to read out-of-bounds memory...
Apache Camel Arbitrary Command Execution Vulnerability
Apache Camel is an open source integration framework from the Apache Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, and throug...
Apache Camel Arbitrary Command Execution Vulnerability (CNVD-2025-05168)
Apache Camel is an open source integration framework from the Apache Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns, and throug...
IBM MQ Denial of Service Vulnerability (CNVD-2025-05564)
IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A denial of service vulnerability exists in IBM MQ that stems from improper handling of invalid heade...
Restaurant Table Booking System username/mobileno Parameter SQL Injection Vulnerability
Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter username/mobileno in the...
TRENDnet TEW-929DRU /addschedule.htm page cross-site scripting vulnerability
The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU version 1.0.0.10 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the rname variable within the havesamename function on...
ChestnutCMS File Upload Vulnerability (CNVD-2025-05386)
ChestnutCMS is a front-end and back-end separated enterprise-level content management system. A file upload vulnerability exists in ChestnutCMS 1.5.2 and earlier versions, which stems from a lack of validation of uploaded files by the parameter file. An attacker can exploit this vulnerability to...
Cisco Meraki MX67 and Cisco Meraki MX68 Access Authentication Error Vulnerabilities
The Cisco Meraki MX67 and Cisco Meraki MX68 are cloud-managed routers in the Cisco Meraki series. An access validation error vulnerability exists in the Cisco Meraki MX67 and Cisco Meraki MX68 that stems from improper access control and can be exploited by an attacker to cause information...
Apache Traffic Server Access Control Error Vulnerability
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation (United States). A security vulnerability exists in Apache Traffic Server versions 10.0.0 through 10.0.3, and no detailed vulnerability details are provided at this time...
Online Class and Exam Scheduling System profile.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter username in the file...
Open5GS Denial of Service Vulnerability (CNVD-2025-08796)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of LTE/NR networks. Open5GS suffers from a denial of service vulnerability that can be exploited by attackers to cause network outages...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24717)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a recording function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to read out-of-bounds memory...
Tenda AC15 Command Injection Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC15 version 15.03.05.19, which originates from an application that fails to properly filter the special characters, commands, etc. used in constructing commands. The vulnerability can be...
Samsung Notes bmp Image Out-of-Bounds Read Vulnerability
Samsung Notes is an application from the South Korean company Samsung. It is used to provide a recording function. Samsung Notes suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read during bmp image rle parsing, which can be exploited by an attack...
Cisco Secure Client has a data forgery issue vulnerability
Cisco Secure Client is software for connecting to virtual private networks from the American company Cisco. Cisco Secure Client has a data forgery issue vulnerability that stems from insufficient runtime resource validation, which can be exploited by an attacker to cause a DLL hijacking...
IBM EntireX Information Disclosure Vulnerability (CNVD-2025-06203)
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. An information disclosure vulnerability exists in IBM EntireX version 11.1, which is caused by an error...
Google Chrome Code Execution Vulnerability (CNVD-2025-05087)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome prior to version 134.0.6998.88, which stems from a use-after-free vulnerability in Inspector, and can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-09953)
Microsoft Excel is the spreadsheet application in the Office suite from Microsoft, a US company. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on the system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-09954)
Microsoft Excel is the spreadsheet application in the Office suite from Microsoft, a US company. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-10611)
Microsoft Excel is the spreadsheet application in the Office suite from Microsoft, a US company. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Azure Arc Installer Elevation of Privilege Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. An elevation of privilege vulnerability exists in Microsoft Azure Arc Installer, which can be exploited by an attacker to elevate privileges...
Google Pixel Watch integer overflow vulnerability
Google Pixel Watch is a long-lasting smartwatch from Google, a US company. Google Pixel Watch suffers from an integer overflow vulnerability that originates from an integer overflow in dhdprocessfullgscanresult in dhdpno.c. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Google Pixel Watch Buffer Overflow Vulnerability
Google Pixel Watch is a long-lasting smartwatch from Google, a US company. The Google Pixel Watch suffers from a buffer overflow vulnerability that stems from a missing bounds check in wlnotifygscanevent in wlcfgscan.c, which can be exploited by an attacker to cause a local elevation of privilege without...
Google Pixel closeChannel function buffer overflow vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from a buffer overflow vulnerability that originates from incorrect boundary checking in closeChannel of secureelementimpl.cpp, which can be exploited by an attacker to cause a local information disclosure...
Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2025-05245)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio, which can be exploited by...
Microsoft Access Code Execution Vulnerability (CNVD-2025-05244)
Microsoft Access is a relational database management system in the Office suite from the U.S. company Microsoft Corporation. A code execution vulnerability exists in Microsoft Access, which can be exploited by an attacker to execute arbitrary code on the system...