D-Link DSL-3782 Multiple Parameter Buffer Overflow Vulnerability

The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that originates in the destination, netmask, and gateway parameters, which can be exploited by an attacker to cause a denial of service...

D-Link DSL-3782 Multiple Parameter OS Command Injection Vulnerability

The D-Link DSL-3782 is a wireless router from Taiwan, China-based D-Link. The D-Link DSL-3782 suffers from an OS command injection vulnerability that originates in the sambawg and sambanbn parameters, which can be exploited by an attacker to execute arbitrary commands...

D-Link DSL-3782 public_type parameter OS Command Injection Vulnerability

The D-Link DSL-3782 is a wireless router from AUO. The D-Link DSL-3782 suffers from an OS command injection vulnerability that stems from the handling of the publictype parameter, which can be exploited by an attacker to submit a special request and execute arbitrary commands...

TOTOLINK X5000R vif_disable Command Injection Vulnerability

The TOTOLINK X5000R is a router product from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that originates from the vifdisable function, no details of the vulnerability are provided at this time...

TOTOLINK X5000R apcli_wps_gen_pincode Command Injection Vulnerability

The TOTOLINK X5000R is a router product from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that originates from the apcliwpsgenpincode function, no details of the vulnerability are provided at this time...

Tenda i12 formSetCfm Buffer Overflow Vulnerability

The Tenda i12 is an enterprise commercial high power AP wireless access point. The Tenda i12 formSetCfm handles a buffer overflow vulnerability in the funcpara1 parameter, which can be exploited by a remote attacker to submit a special request that can crash the application and cause a denial of...

Tenda i12 formwrlSSIDset Buffer Overflow Vulnerability

The Tenda i12 is an enterprise commercial high power AP wireless access point. A buffer overflow vulnerability exists in the Tenda i12 formwrlSSIDset processing list parameter, which can be exploited by a remote attacker to submit a special request that can crash the application and cause a denia...

Google Chrome GPU Heap Overflow Code Execution Vulnerability

Google Chrome is a WEB browser developed by Google Inc. A heap overflow vulnerability exists in the Google Chrome GPU, which can be exploited by a remote attacker to submit a special web request, which induces the user to parse it and can be used to execute arbitrary code in the application conte...

Tenda O4 SafeSetMacFilter Buffer Overflow Vulnerability

Tenda O4 is a router product from Tenda. The Tenda O4 /goform/setMacFilterList handles a buffer overflow vulnerability in the SafeSetMacFilter parameter, which can be exploited by a remote attacker to submit a special request that can crash the application and execute arbitrary code in the...

Microsoft Visual Studio Code Execution Vulnerability (CNVD-2026-00042)

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. A code execution vulnerability exists in Microsoft Visual Studio, which can be exploited by an...

Command Execution Vulnerability in Internet Behavior Management System of Tianrongxin Technology Group Co.

Tianrongxin Technology Group Co., Ltd. is a provider specializing in network security, big data and cloud services. A command execution vulnerability exists in the Internet behavior management system of Tianrongxin Technology Group Co., Ltd. that can be exploited by an attacker to execute arbitra...

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from a post-release reuse issue contained in the Network module, which can be exploited by an attacker to submit a special Web request that can be trick...

Heap Overflow Vulnerability in Google Chrome V8

Google Chrome is a WEB browser developed by Google Inc. Google Chrome V8 suffers from a heap overflow vulnerability that can be exploited by a remote attacker to submit a special Web request that induces the user to parse it, which can be used to execute arbitrary code in the application context...

Cisco Secure Email Gateway Access Control Error Vulnerability

Cisco Secure Email Gateway is a secure email gateway software from the American company Cisco Cisco. An access control error vulnerability exists in Cisco Secure Email Gateway, which can be exploited by a remote attacker to submit a special email that can bypass the rules and conduct a malicious...

Tenda i12 formWifiMacFilterSet Buffer Overflow Vulnerability

The Tenda i12 is a Tenda Ceiling Mount Wireless Access Point from Tenda China. The Tenda i12 suffers from a buffer overflow vulnerability that can be exploited by an attacker to crash an application and cause a denial of service...

SQL Injection Vulnerability in Data Application Server of UFIDA Network Technology Co.

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.

UFIDA NC is a comprehensive business management software for large enterprises. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...

Tenda AC18 Stack Overflow Vulnerability

Tenda AC18 is a wireless router manufactured by Tenda. A stack overflow vulnerability exists in the formSetSafeWanWebMan function in Tenda AC18 version V15.03.05.05, which stems from improper handling of the remoteIp parameter. An attacker can exploit this vulnerability to remotely execute...

Dell NetWorker Management Console Server-Side Arbitrary Code Execution Vulnerability

Dell NetWorker Management Console is a backup and recovery software from Dell USA. A security vulnerability exists in Dell NetWorker Management Console, which arises from the mishandling of a server-side vulnerability that can be exploited by an attacker to run arbitrary code...

D-Link DIR-816 Code Injection Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-816 version 1.01TO, which stems from the fact that incorrect operation of the parameter SSID can lead to cross-site scripting attacks. The vulnerability can be exploited by an...

Command Execution Vulnerability in Internet Behavior Management System of Tianrongxin Technology Group Co.

Tianrongxin Technology Group Co., Ltd. is a high-tech enterprise focusing on network security and cloud computing solutions. A command execution vulnerability exists in the Internet behavior management system of Tianrongxin Technology Group Company Limited, which can be exploited by attackers to...

Apache EventMesh deserialization vulnerability (CNVD-2025-05699)

Apache EventMesh is the United States Apache Apache Foundation's new generation of serverless event middleware for building distributed event-driven applications. Apache EventMesh versions prior to 1.11.0 have a deserialization vulnerability that arises from unsafe deserialization of serialized...

Unauthorized Access Vulnerability in StarRocks of Beijing Mirror Boat Technology Co.

StarRocks is a new generation of extremely fast full-scenario MPP database. There is an unauthorized access vulnerability in StarRocks of Beijing Mirror Boat Technology Co. Ltd. that can be exploited by attackers to obtain sensitive information...

Dell Update Package Framework Local Elevation of Privilege Vulnerability

Dell Update Package Framework is a framework for updating system components from Dell USA. The product focuses on providing installers for drivers, applications, BIOS, and firmware. The Dell Update Package Framework suffers from a local elevation of privilege vulnerability that originates from a...

ASUS RT-N12E Cross-Site Scripting Vulnerability

The ASUS RT-N12E is a wireless router from the Chinese company ASUS. A cross-site scripting vulnerability exists in ASUS RT-N12E version 2.0.0.19, which stems from the lack of effective filtering and escaping of user-supplied data in the SSID parameter of the sysinfo.asp file, which can be...

SAP Supplier Relationship Management Path Traversal Vulnerability

SAP Supplier Relationship Management is a leading procurement supply chain management software designed to help companies optimize supplier relationships and improve procurement efficiency and quality. SAP Supplier Relationship Management suffers from a path traversal vulnerability that can be...

FeMiner wms iquel_inout_item.php file SQL injection vulnerability

FeMiner wms is a warehouse management system for Chinese front-end miners FeMiner individual developers. A SQL injection vulnerability exists in FeMiner wms version 1.0, which stems from the lack of validation of externally entered SQL statements in iquelinoutitem.php. An attacker can exploit thi...

FeMiner wms id parameter SQL injection vulnerability

FeMiner wms is a warehouse management system for Chinese front-end miners FeMiner individual developers. A SQL injection vulnerability exists in FeMiner wms version 1.0, which stems from the lack of validation of the date1, date2, id parameters against externally entered SQL statements. An attack...

Apache Linkis Input Validation Error Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

D-Link DIR-853 PSK Parameter Buffer Overflow Vulnerability

The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol and provides dual-band 2.4GHz up to 400Mbps and 5GHz up to 867Mbps network connectivity for HD video streaming and online gaming. The D-Link DIR-853 suffers from a buffer overflow vulnerability that originates...

Online Shopping Portal /shopping/track-orders.php SQL Injection Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in /shopping/track-orders.php. No details of the vulnerability are available at this time...

Mattermost Information Disclosure Vulnerability (CNVD-2025-03329)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from an information disclosure vulnerability that stems from not filtering private chat DM messages from deleted channel endpoints, which could disclose metadata such as user IDs. An...

D-Link DSL-3782 Buffer Overflow Vulnerability

The D-Link DSL-3782 is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DSL-3782 v1.01, which stems from the failure of /NewGUI/ParentalControl.asp to correctly validate the length and size of the input data, and can be exploited by a remote...

IBM Power Hardware Management Console Path Traversal Vulnerability

The IBM Power Hardware Management Console HMC is a suite of graphical interface software from International Business Machines IBM for configuring and managing the Power System family of servers. The software is primarily used to manage hardware such as servers. A path traversal vulnerability exis...

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-04167)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

Google Android elevation of privilege vulnerability (CNVD-2025-03647)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a logic error in multiple locations. An attacker can exploit the vulnerability to cause a local privilege escalation...

Google Android elevation of privilege vulnerability (CNVD-2025-03644)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code that can be exploited by an attacker to cause a local privilege escalation...

Google Chrome Type Obfuscation Vulnerability (CNVD-2025-12381)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type-obfuscation vulnerability that can be exploited by an attacker to execute arbitrary code inside a sandbox via specially crafted HTML pages...

SAP Approuter Authentication Bypass Vulnerability

SAP Approuter is a key SAP component that is primarily used to handle entry requests for all applications. An authentication bypass vulnerability exists in SAP Approuter, which can be exploited by a remote attacker to submit a special request that can bypass authentication, inject code and execut...

D-Link DIR-853 Password Parameter Buffer Overflow Vulnerability

The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol and provides dual-band 2.4GHz up to 400Mbps and 5GHz up to 867Mbps network connectivity for HD video streaming and online gaming. The D-Link DIR-853 suffers from a buffer overflow vulnerability that originates...

SAP NetWeaver Application Server Java Information Disclosure Vulnerability (CNVD-2025-03268)

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server Java, which can b...

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...

Google Android Code Execution Vulnerability (CNVD-2025-03643)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code execution vulnerability that is caused by a flaw in a system component. An attacker can exploit the vulnerability to execute arbitrary code on the system...

Linux Ratfor Buffer Overflow Vulnerability

Linux Ratfor is a programming language implemented as a preprocessor for Fortran 66. A buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier versions, which stems from an application boundary error when handling untrusted input. An attacker could exploit the vulnerability to execu...

Library Card System SQL Injection Vulnerability (CNVD-2025-03328)

Library Card System is a library management system. A SQL injection vulnerability exists in Library Card System version 1.0, which originates from a lack of validation of the id parameter of the card.php file against externally entered SQL statements. An attacker can use this vulnerability to...

TOTOLINK X18 Buffer Overflow Vulnerability

TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK X18 version 9.1.0cu.2024B20220329, which originates from the parameter String in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length size of the input...

Arbitrary File Download Vulnerability in AnalyticsCloud of Beijing Zhiyuan Internet Software Co.

AnalyticsCloud AnalyticsCloud is a platform that integrates advanced data analytics technologies and tools to process data from a variety of data sources, including cloud data, local data, traditional data, and big data. An arbitrary file download vulnerability exists in AnalyticsCloud of Beijing...

YesWiki cross-site scripting vulnerability (CNVD-2025-03330)

YesWiki is a wiki system written in PHP by the French organization YesWiki. It is used to create and manage websites in a collaborative way. A cross-site scripting vulnerability exists in YesWiki 4.4.5 and earlier versions, which stems from improper input validation when the attach component...

Linksys E5600 PRF_Table_content Component Cross-Site Scripting Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A cross-site scripting vulnerability exists in Linksys E5600 Ver.1.1.0.26. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

Cisco BroadWorks Denial of Service Vulnerability

Cisco BroadWorks is a carrier-grade unified communications software platform from Cisco. It is used to deploy cloud calls from public network platforms on any type of wired or wireless network architecture. A denial of service vulnerability exists in Cisco BroadWorks that stems from improper memo...