Tenda AC8 Buffer Overflow Vulnerability (CNVD-2025-09220)

Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC8, which can be exploited by an attacker to cause a program crash or even arbitrary code execution...

Tenda AC10 Command Injection Vulnerability (CNVD-2025-09219)

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10 suffers from a command injection vulnerability that stems from a command injection vulnerability contained in the formexeCommand function, no details of the vulnerability are provided at this time...

Tenda AC8 Buffer Overflow Vulnerability (CNVD-2025-09167)

Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC8, which stems from a buffer overflow vulnerability in the shareSpeed parameter of the sub47D878 function, which can be exploited by an attacker to execute arbitrary code...

Tenda AC8 Buffer Overflow Vulnerability (CNVD-2025-09166)

Tenda AC8 is a wireless router from Tenda, a Chinese company. Tenda AC8 suffers from a buffer overflow vulnerability, which originates from the improper handling of the parameter list in the /goform/SetIpMacBind file, and can be exploited by an attacker to remotely launch an attack and gain contr...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05055)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

TOTOlink A3002R static_ipv6 parameter buffer overflow vulnerability

The TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOlink A3002R version V1.1.1-B20200824.0128, which stems from the staticipv6 parameter failing to correctly validate the length and size of the input data, and can be...

Esri ArcGIS Server Catalog Traversal Vulnerability

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A directory traversal vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by a remote authenticated attacker to access files outside the file syst...

Human Metapneumovirus Testing Management System /login.php File SQL Injection Vulnerability

Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. Human Metapneumovirus Testing Management System is vulnerable to a SQL injection vulnerability that affects the username parameter in the /login.php file. No details of the vulnerability are...

News Portal login.php File SQL Injection Vulnerability

News Portal is a news portal. News Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the login.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data...

D-Link DAR-7000 Command Injection Vulnerability

The D-Link DAR-7000 is an Internet Behavior Management and Auditing Gateway device that provides Internet behavior management and auditing capabilities. The D-Link DAR-7000 suffers from a command injection vulnerability that stems from the ethname parameter of the getipaddrdetails function in the...

Nipah virus Testing Management System check_availability.php File SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the checkavailability.php file. An attacker can exploit...

GPT Academic Backlink Vulnerability

GPT Academic is an interface that provides pragmatic interactions for LLM large language models such as GPT/GLM. GPT Academic suffers from a back-linking vulnerability that stems from not properly handling soft links, which can be exploited by an attacker to cause arbitrary file reads...

Ubiquiti UniFi Protect Cameras Improper Certificate Validation Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a Certificate Validation Improperity vulnerability that...

Ubiquiti UniFi Protect Cameras Firmware Update Insufficient Authentication Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. Ubiquiti UniFi Protect Cameras suffers from a Firmware Update Validation Insufficiency vulnerabilit...

D-Link DAP-1320 Stack Buffer Overflow Vulnerability (CNVD-2025-13521)

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function setwsaction in the file /dws/api/. An attacker can exploit this vulnerability to cause a program crash or even...

D-Link DAP-1320 Stack Buffer Overflow Vulnerability

The D-Link DAP-1320 is a wireless signal extender from China-based AUO D-Link. The D-Link DAP-1320 suffers from a stack buffer overflow vulnerability that originates from the function replacespecialchar in file /storagein.pd-XXXXXX.An attacker can exploit this vulnerability to cause a program cra...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05071)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Student Record System password-recovery.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from an SQL injection vulnerability that originates from an incorrect manipulation of the parameter emailid in the password-recovery.php file, which can lead to SQL injection. An attacker can use this vulnerability to...

TOTOlink A3002R static_gw parameter buffer overflow vulnerability

TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3002R version V1.1.1-B20200824.0128, which stems from the staticgw parameter failing to correctly validate the length and size of the input data, and can be exploit...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05057)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05073)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

GNU GRUB2 Buffer Overflow Vulnerability

GNU GRUB2 is an open source bootloader used to load the operating system kernel when the computer boots. GNU GRUB2 suffers from a buffer overflow vulnerability that originates from an integer overflow when reading data from the squash4 file system. An attacker can exploit this vulnerability to...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-06308)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the product-details.php file. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05064)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-09222)

Tenda AC6 is a dual-band wireless router from China's Tenda Tenda in 2016. Tenda AC6 suffers from a buffer overflow vulnerability, which originates from some unknown features of /goform/WifiExtraSet, and can be exploited by an attacker to execute arbitrary code by manipulating the parameter...

Tenda AC10 Buffer Overflow Vulnerability (CNVD-2025-09218)

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10 suffers from a buffer overflow vulnerability, which originates from the ssid parameter of formfastsettingwifiset contains a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code...

GNU GRUB Buffer Overflow Vulnerability

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability that originates from a heap-based buffer overflow issue in the udf module containing a grubudfreadblock. An attacker could exploit the vulnerability to corrupt critical data and...

Ubiquiti UniFi Protect Cameras Post-Release Reuse Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. \ Ubiquiti UniFi Protect Cameras suffers from a post-release reuse vulnerability that can be...

Ubiquiti UniFi Protect Application Authentication Bypass Vulnerability

The Ubiquiti UniFi Protect Application is an enterprise-grade security monitoring platform that supports both home and business users. Ubiquiti UniFi Protect Application has an authentication bypass vulnerability hole that can be exploited by an attacker to take control of a UniFiProtect camera...

Weak Password Vulnerability in Kingh5stream of Beijing Asian Control Technology Development Co.

Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of industrial automation and informatization software platform, focusing on independent research and development, marketing and service of domestic industrial software. A weak password vulnerability exists in Beijing...

Unauthorized Access Vulnerability in Cultural AI Management System of Sichuan Cultural Big Data Co.

Sichuan Cultural Big Data Limited Liability Company is mainly engaged in big data services, data processing and storage support services, Internet data services, cloud computing equipment technology services, artificial intelligence basic resources and technology platforms, artificial intelligenc...

Linux kernel get_initial_state memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from the use of a skb in getinitialstate after it has been released, which can be exploited by an...

Linux kernel pm runtime resume memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that originates from the use of freed memory during pm runtime resume. An attacker could exploit this vulnerabilit...

Linux kernel sysfs trigger memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from a confusion in the instructions responsible for freeing memory when the sysfs trigger is removed. ...

Cisco OpenH264 Competitive Conditions Vulnerability

Cisco OpenH264 is an open source H.264 codec from Cisco USA. Cisco OpenH264 suffers from a competitive condition vulnerability that can lead to a heap overflow and remote code execution. No details of the vulnerability are provided at this time...

Logic Flaw Vulnerability in Dongsheng Booking Platform of Qingdao Dongsheng Weiye Software Co.

Qingdao Dongsheng Weiye Software Co., Ltd. is a company whose main business includes computer software development, network engineering design, web page design, integrated wiring, software technology services, installation and maintenance of electronic equipment and technical services, logistics...

Linux kernel suffers from a memory leak vulnerability (CNVD-2025-05995)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from apple-aic not handling node reference counting correctly during initialization, which can be exploited by ...

Linux kernel memory misreference vulnerability (CNVD-2025-04672)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a driver uninstallation without logging off the platform device, which can be exploited by an attacker to...

Linux kernel tcmu_try_get_data_page memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from tcmutrygetdatapage not properly obtaining a reference count, which can be exploited by an attacker...

Linux kernel scsi: libfc memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that originates from a mix-up in the instructions responsible for freeing memory in scsi: libfc. An attacker could...

Linux kernel panfrost module memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that originates from the panfrost module's job structure referencing panfrostpriv to obtain the MMU environment,...

Linux kernel macsec memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from a macsec device not obtaining a reference to realdev, which can be exploited by an attacker to cau...

Linux kernel vesafb driver memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that originates from a confusion in the instruction responsible for freeing memory in the vesafb driver. An attack...

IBM EntireX Denial of Service Vulnerability

IBM EntireX is a cross-platform middleware developed by IBM for high-performance data communication and transaction processing between heterogeneous systems. A denial of service vulnerability exists in IBM EntireX regular expressions, which is caused by a complexity flaw in the regular expression...

SQL Injection Vulnerability in NetDrive Unified Communication Platform of Beijing NetDrive Network Technology Co.

Ltd. is a leading global provider of cloud video solutions and services. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing NetDrive Network Technology Co., Ltd, which can be exploited by attackers to obtain sensitive information from the database...

IBM EntireX Path Traversal Vulnerability

IBM EntireX is a cross-platform application integration middleware developed by IBM to support data communication and transaction processing between heterogeneous systems. A path traversal vulnerability exists in IBM EntireX, which can be exploited by an attacker to view arbitrary files on a syst...

SQL Injection Vulnerability in Founder Unlimited Media News Editorial System of Beijing Beifang Founder Electronics Co.

Beijing Beifang Founder Electronics Co., Ltd. is a leading technology and service provider in the fields of printing, media, publishing, and font libraries. A SQL injection vulnerability exists in Beijing Founder Electronics Co., Ltd.'s Founder Unlimited All-Media News Gathering and Editing Syste...

emlog file upload vulnerability (CNVD-2025-04611)

emlog is a PHP and MySQL based CMS builder. A file upload vulnerability exists in emlog version v2.5.3, which stems from a lack of validation of uploaded files by the adminplugin.php component. An attacker can exploit this vulnerability to upload malicious files and remotely execute arbitrary cod...

Cisco Application Policy Infrastructure Controller Cross-Site Scripting Vulnerability

Cisco Application Policy Infrastructure Controller is a software for Cisco ACI switching matrix automation and management from Cisco. The Cisco Application Policy Infrastructure Controller suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious...