
130931 matches found

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Tenda AC18 formSetSpeedWan function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the speeddir parameter of the formSetSpeedWan function failing to properly validate the length and size of the input data, which can be exploited by an...

CVSS 5.7 • AI score 8.5 • EPSS 0.00328
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Tenda AC18 formSetFirewallCfg Function Buffer Overflow Vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the firewallEn parameter of the formSetFirewallCfg function failing to correctly validate the length and size of the input data, which can be exploited by an...

CVSS 9.8 • AI score 8.5 • EPSS 0.00725
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Tenda AC18 formSetDeviceName function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the devName parameter of the formSetDeviceName function failing to properly validate the length of the input data, which can be exploited by an attacker to...

CVSS 9.8 • AI score 8.5 • EPSS 0.00741
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Tenda AC18 formSetPPTPServer function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the startIP parameter of the formSetPPTPServer function failing to properly validate the length of the input data, which can be exploited by an attacker to...

CVSS 9.8 • AI score 8.5 • EPSS 0.00725
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Tenda AC1200 Access Control Error Vulnerability (CNVD-2025-09858)

The Tenda AC1200 is a wireless router from the Chinese company Tenda. An Access Control Error vulnerability exists in the Tenda AC1200, which stems from incorrect access control, and no detailed vulnerability details are provided at this time...

CVSS 8.1 • AI score 7 • EPSS 0.00349
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Tenda i24 Buffer Overflow Vulnerability

The Tenda i24 is a wireless router from the Chinese company Tenda. The Tenda i24 suffers from a buffer overflow vulnerability that originates from a boundary error in the addWifiMacFilter function when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...

CVSS 9.8 • AI score 8.4 • EPSS 0.00646
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

D-Link DIR-816A2 Information Disclosure Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-816A2, which stems from insufficient protection of sensitive information in the component dstatus.asp, and can be exploited by an attacker to obtain sensitive information...

CVSS 6.5 • AI score 8.8 • EPSS 0.00451
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Fortinet FortiPortal SQL Injection Vulnerability (CNVD-2025-14318)

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a SQL injection vulnerability that stems from improper...

CVSS 4.3 • AI score 7 • EPSS 0.00359
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 5 views

D-Link DIR-816A2 form2Wan.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2Wan.cgi component, which can be exploited by an unauthenticated attacker to set up WAN services via a specially...

CVSS 6.5 • AI score 6.9 • EPSS 0.00551
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

D-Link DIR-816A2 form2RepeaterSetup.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2RepeaterSetup.cgi component, which can be exploited by an unauthenticated attacker to set up 2.4G and 5G relay...

CVSS 6.5 • AI score 6.9 • EPSS 0.00551
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 9 views

D-Link DIR-816A2 form2PortriggerRule.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2PortriggerRule.cgi component, which can be exploited by an unauthenticated attacker to set a port trigger via a...

CVSS 5.3 • AI score 6.8 • EPSS 0.00492
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 9 views

Fortinet FortiVoice Operating System Command Injection Vulnerability

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...

CVSS 6.7 • AI score 7.8 • EPSS 0.00616
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 4 views

Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2025-03524)

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox suffers from an operating system command injection...

CVSS 8.8 • AI score 7.7 • EPSS 0.00545
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 10 views

Fortinet FortiPortal Cross-Site Scripting Vulnerability (CNVD-2025-03523)

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in Fortinet FortiPortal that stems from an...

CVSS 4.8 • AI score 6.9 • EPSS 0.00346
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

D-Link DIR-816A2 websURLFilterAddDel Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the websURLFilterAddDel component, which can be exploited by an unauthenticated attacker to set up filtering rules via a...

CVSS 4.3 • AI score 6.9 • EPSS 0.00516
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 7 views

D-Link DIR-816A2 form2WlanBasicSetup.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2WlanBasicSetup.cgi component, which can be exploited by an unauthenticated attacker to set up 2.4G and 5G wireless...

CVSS 6.5 • AI score 6.9 • EPSS 0.00419
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 9 views

Tenda AC10 Command Injection Vulnerability

The Tenda AC10 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC10 version 16.03.10.20, which stems from the failure of the file /goform/telnet to properly filter special characters, commands, etc. in constructed commands. An attacker could use...

CVSS 8.6 • AI score 7.3 • EPSS 0.05813
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-02530)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

CVSS 5.5 • AI score 6.3 • EPSS 0.00213
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 6 views

Fortinet FortiAP Operating System Command Injection Vulnerability

Fortinet FortiAP is a controller for managing wireless access point devices from Fortinet, Inc. Fortinet FortiAP suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploit...

CVSS 7.8 • AI score 7.7 • EPSS 0.00675
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 4 views

Ivanti EPM Elevation of Privilege Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an elevation of privilege vulnerability that stems from an issue containing an uninitialized resource that can be exploited by an attacker to elevate its privileges...

CVSS 7.8 • AI score 7.2 • EPSS 0.00368
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 10 views

Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. Fortinet FortiOS has a security...

CVSS 5.3 • AI score 9.4 • EPSS 0.00668
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 5 views

Ivanti EPM Code Issue Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code issue vulnerability that stems from the inclusion of an insufficient file name validation issue. An attacker could exploit this vulnerability to achieve remote code execution...

CVSS 7.8 • AI score 8 • EPSS 0.17614
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 10 views

IBM Jazz for Service Management Access Control Error Vulnerability (CNVD-2025-02831)

IBM Jazz for Service Management is an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment. An Access Control Error vulnerability exists in IBM Jazz for Service Management that stems from improper access...

CVSS 7.5 • AI score 6.5 • EPSS 0.00389
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

Fortinet FortiManager Path Traversal Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...

CVSS 5.5 • AI score 6.8 • EPSS 0.01024
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Ivanti EPM Absolute Path Traversal Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...

CVSS 9.8 • AI score 6.8 • EPSS 0.03189
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Ivanti EPM Code Execution Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code execution vulnerability that stems from the inclusion of an unrestricted resource search path. An attacker could exploit this vulnerability to achieve remote code execution...

CVSS 7.2 • AI score 8.4 • EPSS 0.0275
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Ivanti EPM Absolute Path Traversal Vulnerability (CNVD-2025-30744)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...

CVSS 9.8 • AI score 6.8 • EPSS 0.99762
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 4 views

Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30749)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.02128
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30750)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.02128
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 7 views

Fortinet FortiManager Operating System Command Injection Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...

CVSS 8.8 • AI score 7.6 • EPSS 0.01055
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 4 views

Ivanti EPM Out-of-Bounds Write Vulnerability

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.01961
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Ivanti EPM out-of-bounds write vulnerability (CNVD-2025-30748)

Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.02186
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

IBM CICS TX Advanced Cross-Site Scripting Vulnerability (CNVD-2025-02532)

IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines (IBM) for running large-scale, high-transaction-volume applications in enterprise environments. IBM CICS TX Advanced suffers from a cross-site scripting vulnerability that stems from the...

CVSS 7.2 • AI score 6.2 • EPSS 0.00228
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Buffer overflow vulnerability in the schedEndTime parameter of the Tenda AC8 setSchedWifi function

Tenda AC8 is a wireless router from Tenda, a Chinese company. Tenda AC8 suffers from a buffer overflow vulnerability, which originates from the failure of the schedStartTime parameter of the setSchedWifi function in file /goform/openSchedWifi to correctly validate the length of the input data,...

CVSS 8.8 • AI score 8.5 • EPSS 0.00387
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 6 views

Mysiteforme SQL Injection Vulnerability

Mysiteforme is a permission management system. A SQL injection vulnerability exists in versions of Mysiteforme prior to 2025.01.01, which stems from the lack of validation of the sname parameter in table/list for externally entered SQL statements. An attacker can exploit this vulnerability to...

CVSS 7.5 • AI score 7.8 • EPSS 0.00432
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 7 views

D-Link DIR-816A2 form2alg.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2alg.cgi component, which can be exploited by an unauthenticated attacker to set up ALG services via a specially...

CVSS 5.3 • AI score 6.9 • EPSS 0.00492
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

IBM Concert Information Disclosure Vulnerability (CNVD-2025-29674)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive information via...

CVSS 7.5 • AI score 6.1 • EPSS 0.00325
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 12 views

Fortinet FortiDeceptor Access Control Error Vulnerability

Fortinet FortiDeceptor is a cyber threat detection platform from the American company Fortinet. The platform focuses on exposing cyber threats through deception techniques, among other things. Fortinet FortiDeceptor suffers from an Access Control Error vulnerability that stems from the...

CVSS 4.3 • AI score 6.5 • EPSS 0.00249
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Tenda AC18 formSetClientState function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the limitSpeedUp parameter of the formSetClientState function failing to properly validate the length of the input data, which can be exploited by an attacke...

CVSS 9.8 • AI score 8.5 • EPSS 0.00655
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 1 views

Chat System leaveroom.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter id of the file /user/leaveroom.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

CVSS 7.5 • AI score 8.2 • EPSS 0.0043
Exploits 1 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 9 views

Fortinet FortiClientEMS Input Validation Error Vulnerability

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. An input validation error...

CVSS 5.3 • AI score 6.9 • EPSS 0.00487
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Tenda AC18 form_fast_setting_wifi_set function buffer overflow vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the ssid parameter of the form_fast_setting_wifi_set function failing to properly validate the length of the input data, which can be exploited by an attacker to...

CVSS 9.8 • AI score 8.5 • EPSS 0.00763
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Ivanti Endpoint Manager Out-of-Bounds Read Vulnerability

Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An out-of-bounds read vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to elevate its privileges...

CVSS 7.8 • AI score 6.9 • EPSS 0.00434
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 12 views

Fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-03522)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. A resource management error...

CVSS 7.5 • AI score 6.9 • EPSS 0.00969
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Ivanti Avalanche path traversal vulnerability (CNVD-2025-15476)

Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that can be exploited ...

CVSS 9.8 • AI score 7.2 • EPSS 0.61812
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 2 views

Ivanti Avalanche path traversal vulnerability (CNVD-2025-15477)

Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that stems from the...

CVSS 7.5 • AI score 6.8 • EPSS 0.27759
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 5 views

Ivanti Avalanche Path Traversal Vulnerability

Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that can be exploited ...

CVSS 9.8 • AI score 7.2 • EPSS 0.32438
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 9 views

D-Link DIR-816A2 formDMZ.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the formDMZ.cgi component, which can be exploited by an attacker to set up the DMZ service via a specially crafted POST...

CVSS 9.8 • AI score 6.7 • EPSS 0.1436
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 3 views

Mattermost Mobile Denial of Service Vulnerability

Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from an inability to properly validate the proto...

CVSS 7.5 • AI score 6.7 • EPSS 0.00507
Exploits 0 • References 1

CNVD • added 2025/01/23 12:0 a.m. • 8 views

Tenda AC18 Command Injection Vulnerability (CNVD-2025-02899)

The Tenda AC18 is a router from the Chinese company Tenda. Tenda AC18 version 15.03.05.19 suffers from a command injection vulnerability that stems from the usbName parameter of the formSetSambaConf function failing to correctly filter special characters, commands, etc. in constructed commands. Th...

CVSS 9.8 • AI score 7.4 • EPSS 0.01477
Exploits 0 • References 1

Total number of security vulnerabilities: 130931