TOTOLINK X18 Command Injection Vulnerability
TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. TOTOLINK X18 version 9.1.0cu.2024B20220329 suffers from a command injection vulnerability that stems from the parameter enable in file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special characters,...
OpenCart File Upload Vulnerability
OpenCart is an open source e-commerce system from the OpenCart team in China. The system provides product reviews, product ratings, product additions and other modules. A file upload vulnerability exists in OpenCart version 1.0, which stems from the lack of effective validation of uploaded files b...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-04170)
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX version 11.1. The vulnerability stems from the application's lack of effective filtering and...
Unspecified Vulnerability in IBM ApplinX (CNVD-2025-04982)
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. A security vulnerability exists in IBM ApplinX. An attacker could exploit the vulnerability to obtain sensitive information when the browser returns a...
IBM ApplinX Information Disclosure Vulnerability
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. IBM ApplinX suffers from an information disclosure vulnerability that originates from storing sensitive information in plaintext in memory. An attacker...
Apache Doris Path Traversal Vulnerability
Apache Doris is a modern MPP analytic database product from the Apache Foundation in the United States. It can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from a path traversal vulnerability that stems from the program's failure to properly filter special elements in...
F5 BIG-IP Remote Command Injection Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a remote command injection vulnerability that stems from the application failing to properly filter...
Unspecified Vulnerability in F5 BIG-IP PEM (CNVD-2025-07324)
F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in F5 BIG-IP PEM that can be exploited by an attacker to cause the Traffic Management Microkernel (TMM) to terminate when configuring URL categorization on a virtual server...
F5 BIG-IP Next Central Manager Input Validation Error Vulnerability
F5 BIG-IP Next Central Manager is a centralized console from F5 USA. An input validation error vulnerability exists in F5 BIG-IP Next Central Manager, which stems from mishandling of API requests, and can be exploited by an attacker to cause termination of the Kubernetes service via an undisclose...
F5 BIG-IP APM Access Profile Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. An access profile vulnerability exists in F5 BIG-IP APM that can be exploited by an attacker to cause the Traffic Management Microkernel (TMM) t...
NETGEAR FVS336G Command Injection Vulnerability
The NETGEAR FVS336G is a VPN (Virtual Private Network) firewall router from NETGEAR. The NETGEAR FVS336G suffers from a command injection vulnerability. The vulnerability stems from the application failing to properly filter constructed command special characters, commands, and so on. An attacker...
D-Link DIR-823X Null Pointer Dereference Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a null pointer dereference vulnerability that originates in the parameter macList in the setwifiblacklists function of the file /goform/setwifiblacklists in the component HTTP POST request handler,...
mySCADA myPRO Access Control Error Vulnerability
mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An access control error vulnerability exists in mySCADA myPRO that originates from accessing the management interface without authentication. An attacker could exploit...
mySCADA myPRO OS Command Injection Vulnerability (CNVD-2025-03918)
mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO that originates from not properly validating input. An attacker could exploit this...
Cisco AsyncOS Input Validation Error Vulnerability (CNVD-2025-03529)
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
Cisco Expressway Series Cross-Site Scripting Vulnerability
Cisco Expressway Series is software from Cisco USA for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters work more efficiently on the devices of their choice. A cross-site scripting vulnerability exis...
IBM Aspera Shares Input Validation Error Vulnerability
IBM Aspera Shares is a Web application from International Business Machines (IBM). An input validation error vulnerability exists in IBM Aspera Shares, which stems from improper validation of the "Client-IP" header, and can be exploited by an attacker to spoof its IP address written to a log file...
IBM Aspera Shares Cross-Site Scripting Vulnerability (CNVD-2025-04172)
IBM Aspera Shares is a Web application from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which...
IBM Aspera Shares HTML Injection Vulnerability
IBM Aspera Shares is a Web application from International Business Machines (IBM). IBM Aspera Shares suffers from an HTML injection vulnerability. The vulnerability stems from the application's lack of valid filtering and escaping of user-supplied data, which can be exploited by an attacker to inje...
IBM ApplinX Encryption Issue Vulnerability
IBM ApplinX is a product from International Business Machines (IBM) focused on converting green screen interfaces into modern web-based applications. A cryptographic issue vulnerability exists in IBM ApplinX version 11.1 that stems from not properly enabling HTTP strict transport. An attacker could...
IBM Aspera Shares Server-Side Request Forgery Vulnerability
IBM Aspera Shares is a Web application from International Business Machines (IBM). IBM Aspera Shares suffers from a server-side request forgery vulnerability that stems from the server not implementing an adequate authentication mechanism to confirm the origin of a request, which could be exploited...
Huawei HarmonyOS interpreter string module out-of-bounds read vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An out-of-bounds read vulnerability exists in the Huawei HarmonyOS interpreter string module, which can be exploited by an attacker to cause availability to ...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-06198)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS version 5.0.0, which stems from the presence of incomplete authentication information for the VP...
Huawei HarmonyOS and EMUI display module memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A memory misreference vulnerability exists in Huawei...
JetBrains TeamCity Improper Access Control Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an improper access...
F5 BIG-IP AFM Denial of Service Vulnerability (CNVD-2025-07319)
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A denial of service vulnerability exists in F5 BIG-IP AFM, which stems from a misconfiguration of protocol checks and can be exploited by an attacker to cause an increase in CPU resource utilization...
Google Chrome memory misreference vulnerability (CNVD-2025-12382)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to a use after free in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Cisco AsyncOS Cross-Site Scripting Vulnerability (CNVD-2025-03528)
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS that originates from improper user input validation and can be exploited by a remote attacker to execute arbitrary script code or access sensitive information via a...
mySCADA myPRO Cross-Site Request Forgery Vulnerability
mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. A cross-site request forgery vulnerability exists in mySCADA myPRO that stems from not properly validating a request. An attacker could exploit this vulnerability to...
F5 BIG-IP Uncontrolled Resource Consumption Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An uncontrolled resource consumption vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to cause a denia...
GNU C Library Buffer Overflow Vulnerability
The GNU C Library is an open source, free C language compiler from the GNU community released under the LGPL license. GNU C Library suffers from a buffer overflow vulnerability that stems from not allocating enough space for assertion failure message strings and size information when the assert...
Online Birth Certificate System /user/certificate-form.php file cross-site scripting vulnerability
Online Birth Certificate System is an online birth certificate system. Online Birth Certificate System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in /user/certificate-form.php, which can be exploited by...
Cisco Secure Web Appliance Input Validation Error Vulnerability
Cisco Secure Web Appliance is an application from Cisco USA. An input validation error vulnerability exists in Cisco Secure Web Appliance that stems from improper handling of HTTP request headers and can be exploited by an attacker to download malicious files...
Huawei HarmonyOS UI Framework Module Log Message Improper Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An improperly controlled log message vulnerability exists in the Huawei HarmonyOS UI framework module, which can be exploited by an attacker to compromise...
Apache James Resource Management Error Vulnerability
Apache James is an open source SMTP and POP3 mail transfer agent and NNTP news server, written entirely in Java, from the Apache Foundation in the United States. Apache James suffers from a resource management error vulnerability that stems from uncontrolled resource consumption by the application,...
Huawei HarmonyOS and EMUI ffrt module out-of-bounds read vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. An out-of-bounds read vulnerability exists in the Huaw...
IBM App Connect Enterprise Path Traversal Vulnerability
IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud native IBM App Connect Enterprise combines existing industry-trusted IBM...
Apache Hive Trust Management Issue Vulnerability
Apache Hive is a set of data warehouse software based on the Hadoop distributed systems infrastructure, from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...
mySCADA myPRO Information Disclosure Vulnerability
mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An information disclosure vulnerability exists in mySCADA myPRO that originates from storing credentials in plaintext. An attacker could exploit this vulnerability to...
Apache Cassandra Authorization Issues Vulnerability
Apache Cassandra is a distributed NoSQL database from the Apache Foundation in the United States. Apache Cassandra suffers from an authorization issue vulnerability that stems from the inclusion of an incorrect authorization, which can be exploited by an attacker to access a datacenter or IP/CIDR grou...
Unspecified Vulnerability in Open5GS (CNVD-2025-18580)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. Open5GS has a security vulnerability that can be exploited by attackers to cause a denial of service...
Dell Avamar Access Token Reuse Vulnerability
Dell Avamar is a data backup and recovery solution from Dell that focuses on providing organizations with efficient and flexible data protection services that support physical, virtual and cloud environments. Dell Avamar suffers from an access token reuse vulnerability that stems from the inclusi...
Dell Update Manager Plugin Cross-Site Scripting Vulnerability
Dell Update Manager Plugin is an update management plugin from Dell USA. The Dell Update Manager Plugin suffers from a cross-site scripting vulnerability that originates from improperly neutralized HTML tags, which can be exploited by an attacker to cause information disclosure...
Apache Atlas Cross-Site Scripting Vulnerability (CNVD-2025-05706)
Apache Atlas is a set of scalable and extensible core functional governance services from the Apache Foundation in the United States. Apache Atlas suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
JetBrains Hub Elevation of Privilege Vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. JetBrains Hub suffers from an elevation of privilege vulnerability that originates from an elevation of privilege via LDAP authentication mappin...
Unspecified Vulnerability in F5 BIG-IP PEM
F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in the F5 BIG-IP PEM due to a Diameter Endpoint profile that can be exploited by an attacker to cause the virtual server to stop processing new client connections and cause an increase in memory resourc...
JetBrains YouTrack Log Message Disclosure Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a log information disclosure vulnerability that stems from the fact that persistent tokens can be exposed in logs. An attacker can exploit this...
Unknown Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool developed by the Czech company JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a security vulnerability that stems from account takeover via spoofed emails and Helpdesk integration. No details of the...
JetBrains TeamCity Permission Issues Vulnerability
JetBrains TeamCity is a powerful continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity suffers from a privilege issue vulnerability that originates from decrypting connection secrets without proper privileges by testing the connection endpoint. No...
Dell SupportAssist OS Recovery Symbolic Link Attack Vulnerability
Dell SupportAssist OS Recovery is a built-in recovery tool for Dell computers, which is mainly used to solve system problems or hardware failures. Dell SupportAssist OS Recovery suffers from a symbolic link attack vulnerability that can be exploited by attackers to cause arbitrary file deletion a...