SQL Injection Vulnerability in KDDI Smart Cloud Platform of KDDI (Beijing) Co.

Ltd. is a company mainly engaged in technology development, technology promotion, technology transfer, technology consulting and technical services. Ltd. SQL injection vulnerability exists in KDDI Smart Cloud Platform, which can be exploited by attackers to obtain sensitive information from the...

OneBlog Template Injection Vulnerability

OneBlog is a Java blog. OneBlog suffers from a template injection vulnerability, no details of the vulnerability are provided at this time...

Geovision GV-ASWeb Code Injection Vulnerability

Geovision GV-ASWeb is a Web-based software from Geovision China for remote access and configuration of GV-ASManager's database. A code injection vulnerability exists in Geovision GV-ASWeb, which can be exploited by an attacker to execute arbitrary commands on the system...

Command Injection Vulnerability in Cisco Application Policy Infrastructure Controller CLI

Cisco Application Policy Infrastructure Controller is a software for Cisco ACI switching matrix automation and management from Cisco. A command injection vulnerability exists in the Cisco Application Policy Infrastructure Controller CLI, which can be exploited by an attacker to submit a special...

Ollama Unauthorized Access Vulnerability

Ollama is an open source Large Language Model LLM runtime environment and toolset designed to help developers easily deploy, manage, and use models e.g., DeepSeek, etc.. Ollama suffers from an unauthorized access vulnerability, which is due to the fact that Ollama is not set up with authenticatio...

D-Link DSL-3782 Buffer Overflow Vulnerability

The D-Link DSL-3782 is a wireless router from China-based AUO D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask and gateway parameters, which can be exploited by an attacker to cause a denial of service...

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...

ChurchCRM Input Validation Error Vulnerability

ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM suffers from an input validation error vulnerability that stems from not properly validating input. An attacker can exploit this vulnerability to hijack a user session...

ESRI ArcGIS AllSource Untrusted Search Path Vulnerability

ESRI ArcGIS AllSource is a Intelligence Analyzer software developed by ESRI. An untrustworthy search path vulnerability exists in ESRI ArcGIS AllSource, which can be exploited by an attacker to execute malicious commands...

Tenda AC6 Code Execution Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A code execution vulnerability exists in the Tenda AC6 that stems from the cmdinput parameter of the formexeCommand function failing to properly filter special elements of the constructed snippet. No details of the vulnerability a...

Tenda AC6 sub_452A4 function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from a boundary error in the sub452A4 function when handling untrusted input. No detailed vulnerability details are provided at this time...

Dell Secure Connect Gateway SQL Injection Vulnerability

The Dell Secure Connect Gateway Dell SCG is a secure connectivity gateway from Dell, USA. The Dell Secure Connect Gateway suffers from an SQL injection vulnerability that originates from improper neutralization of special elements in SQL commands, which can be exploited by an attacker to execute...

ChurchCRM DonateItemEditor Feature Blind SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a blind SQL injection vulnerability that stems from the CurrentFundraiser parameter being directly connected to a SQL query without sufficient cleanup, which can be exploited by an attacker to execute arbitrary SQL queri...

Tale Blog Cross-Site Scripting Vulnerability

Tale Blog is a Java blog. A cross-site scripting vulnerability exists in Tale Blog version 2.0.5 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data in the logourl parameter of the OptionsService function of...

Nipah Virus Testing Management System /search-report-result.php File SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /search-report-result.php file. An attacker can...

Online Shopping Portal /search-result.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter Product of the file /search-result.php. An attacker can exploit this vulnerability to...

ChurchCRM EditEventAttendees Feature Blind SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a blind SQL injection vulnerability that stems from an EID parameter being directly connected to a SQL query without proper cleanup, which can be exploited by an attacker to execute arbitrary SQL queries using a...

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CNVD-2025-23063)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to bypass certain features...

ESRI ArcGIS Pro Untrustworthy Search Path Vulnerability

ESRI ArcGIS Pro is a powerful desktop GIS software from ESRI. An untrusted search path vulnerability exists in ESRI ArcGIS Pro, which can be exploited by an attacker to execute malicious commands...

Dreamer CMS Cross-Site Scripting Vulnerability (CNVD-2025-04175)

Dreamer CMS is a dreamer content management system. Dreamer CMS version 4.1.3 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the editorValue, answer and content parameters in the /admin/archives/edit...

Mautic Arbitrary File Upload Vulnerability

Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...

Tenda AC8 get_parentControl_list_Info function buffer overflow vulnerability

Tenda AC8 is a wireless router from Tenda, a Chinese company. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from a boundary error in the getparentControllistInfo function when handling untrusted input. No detailed vulnerability details are provided at this time...

FFmpeg Buffer Overflow Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version 7.1 and earlier versions, which originates from the ffaacsearchfortns function in the libavcodec/aacenctns.c file of the AAC Encoder...

GLPI Input Validation Error Vulnerability

GLPI is an open source IT and asset management software from GLPI Open Source. The software provides a full-featured IT resource management interface , you can use it to create a database to fully manage IT computers , monitors , servers , printers , network devices , telephones , and even toner...

CMSimple Cross-Site Scripting Vulnerability (CNVD-2026-00534)

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that arises from insufficient filtering or escaping of user-supplied input. An attacker could use this vulnerability to execute arbitrary web script or HTML code to steal a user's session...

Google Android dvfs.c apply_minlock_constraint out-of-bounds read vulnerability

Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an out-of-bounds read vulnerability that stems from a lack of bounds checking in the applyminlockconstraint module of the dvfs.c file. An attacker can...

Google Android Elevation of Privilege Vulnerability

Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an elevation of privilege vulnerability that stems from the presence of debugging certificates that are whitelisted, no details of the vulnerability are...

Google Android Out-of-Bounds Read Vulnerability

Google Android is a free and open source mobile operating system developed by Google Inc. based on the Linux kernel. Google Android suffers from an out-of-bounds read vulnerability that originates from a missing boundary check in the tmugettemplut module of the tmu.c file, which can be exploited ...

Moodle SQL Injection Vulnerability

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an SQL injection vulnerability that stems from not adequately filtering user input. No detailed...

Moodle Cross-Site Scripting Vulnerability (CNVD-2025-11089)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from a cross-site scripting risk where...

ChurchCRM CurrentFundraiser Parameter Blind SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a blind SQL injection vulnerability that stems from the CurrentFundraiser parameter being directly attached to a SQL query without sufficient cleanup, which can be exploited by an attacker to execute arbitrary SQL querie...

Mattermost SQL Injection Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a SQL injection vulnerability that stems from the use of uncompiled statements, which can be exploited by an attacker to retrieve database data via a specially designed sorting...

CMSimple Cross-Site Scripting Vulnerability (CNVD-2026-00535)

CMSimple is a free content management system. A cross-site scripting vulnerability exists in CMSimple that stems from the Logout parameter in the Language section of the Settings menu not properly filtering user input. No details of the vulnerability are available at this time...

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2025-23064)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from an elevation of privilege vulnerability, which can be exploited by attackers to access sensitive user data when visiting specially crafted...

Siemens Teamcenter Redirection Vulnerability

Teamcenter software is an adaptable, modern Product Lifecycle Management PLM system that connects people and processes across functional silos through digital threads to enable innovation. A redirection vulnerability exists in the Siemens Teamcenter SSO login service, which can be exploited by an...

Linux kernel tmpfs module race condition vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention issue when handling dquot rbtree. No details of the vulnerability are provided at this time...

Microsoft .NET Remote Code Execution Vulnerability

The Microsoft .NET Framework is Microsoft's new development platform after Windows DNA, which runs in a system virtual machine and provides new functionality and development tools for Application Programming Interfaces APIs. A remote code execution vulnerability exists in Microsoft .NET, which ca...

GNU elfutils Buffer Overflow Vulnerability

GNU elfutils is an open source toolset for working with binaries, target files and shared libraries in the ELF Executable and Linkable Format format. GNU elfutils suffers from a buffer overflow vulnerability that stems from improper handling of z/x parameters by the...

Linux Kernel Null Pointer Dereference Vulnerability (CNVD-2025-04159)

The Linux Kernel is the core part of the operating system and is responsible for managing system resources. A null pointer dereference vulnerability exists in the zynqclksetup function of the Linux Kernel. The vulnerability stems from the fact that after the kmalloc function fails to allocate...

Linux Kernel Memory Corruption Vulnerability (CNVD-2025-04158)

The Linux Kernel is the core component of the Linux operating system that manages the system's resources. A memory corruption vulnerability exists in the usbtvvideofree function in the Linux Kernel, which stems from an unnecessary lock call in the usbtvvideofree function that could lead to a...

Linux Kernel Memory Corruption Vulnerability (CNVD-2025-04157)

The Linux Kernel is a core component of many operating systems and is responsible for managing system resources. A security vulnerability exists in the Linux Kernel. The vulnerability stems from improper handling of the adev-dm.dc variable. An attacker could use this vulnerability to cause a deni...

Dell Client Platform BIOS Input Validation Error Vulnerability

Dell Client Platform BIOS is a client platform BIOS from Dell USA. The Dell Client Platform BIOS suffers from an input validation error vulnerability that originates from an over-privileged attacker with local access that could lead to arbitrary code execution. No detailed vulnerability details a...

Linux kernel null pointer dereference vulnerability (CNVD-2025-04165)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from the fact that the return value of ieee80211probereqget may be NULL, and direct use without...

Microsoft Office OneNote Code Execution Vulnerability (CNVD-2025-04195)

Microsoft Office OneNote is a set of tools for free-form information access and multi-user collaboration. A code execution vulnerability exists in Microsoft Office OneNote, which can be exploited by an attacker to execute arbitrary code on a system...

Linux kernel null pointer dereference vulnerability (CNVD-2025-04163)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from the BCache module not properly checking that c-root is NULL in cachesetflush, which could lea...

Linux kernel null pointer dereference vulnerability (CNVD-2025-04161)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a NULL pointer dereference vulnerability, which originates from the mipi-i3c-hci driver stopping the ring without first masking the ring interrupt,...

Linux kernel null pointer dereference vulnerability (CNVD-2025-04162)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm/dpmst module not properly checking the validity of the mstprimary pointer when processing an MST up...

Linux kernel null pointer dereference vulnerability (CNVD-2025-04164)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that stems from a DLM module that may cause a null pointer dereference to lkbresource when requestlock is...

D-Link DSL-3782 Multiple Parameter OS Command Injection Vulnerability

The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from an OS command injection vulnerability that originates from the inIP, insPort, inePort, exsPort, exePort, and protocol parameters, which can be exploited by an attacker to execute arbitrary...

D-Link DSL-3782 Multiple Parameter Buffer Overflow Vulnerability

The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the sstartip, sendip, dstartip, and dendip parameters, which can be exploited by an attacker to cause a denial of service...