Tenda AC18 formSetSpeedWan function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the speeddir parameter of the formSetSpeedWan function failing to properly validate the length and size of the input data, which can be exploited by an...
Tenda AC18 formSetFirewallCfg Function Buffer Overflow Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the firewallEn parameter of the formSetFirewallCfg function failing to correctly validate the length and size of the input data, which can be exploited by an...
Tenda AC18 formSetDeviceName function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the devName parameter of the formSetDeviceName function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Tenda AC18 formSetPPTPServer function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the startIP parameter of the formSetPPTPServer function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Tenda AC1200 Access Control Error Vulnerability (CNVD-2025-09858)
The Tenda AC1200 is a wireless router from the Chinese company Tenda. An Access Control Error vulnerability exists in the Tenda AC1200, which stems from incorrect access control, and no detailed vulnerability details are provided at this time...
Tenda i24 Buffer Overflow Vulnerability
The Tenda i24 is a wireless router from the Chinese company Tenda. The Tenda i24 suffers from a buffer overflow vulnerability that originates from a boundary error in the addWifiMacFilter function when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...
D-Link DIR-816A2 Information Disclosure Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. An information disclosure vulnerability exists in the D-Link DIR-816A2, which stems from insufficient protection of sensitive information in the component dstatus.asp, and can be exploited by an attacker to obtain sensitive information...
Fortinet FortiPortal SQL Injection Vulnerability (CNVD-2025-14318)
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a SQL injection vulnerability that stems from improper...
D-Link DIR-816A2 form2Wan.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2Wan.cgi component, which can be exploited by an unauthenticated attacker to set up WAN services via a specially...
D-Link DIR-816A2 form2RepeaterSetup.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2RepeaterSetup.cgi component, which can be exploited by an unauthenticated attacker to set up 2.4G and 5G relay...
D-Link DIR-816A2 form2PortriggerRule.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2PortriggerRule.cgi component, which can be exploited by an unauthenticated attacker to set a port trigger via a...
Fortinet FortiVoice Operating System Command Injection Vulnerability
Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...
Fortinet FortiSandbox OS Command Injection Vulnerability (CNVD-2025-03524)
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, a real-time control panel and reporting. Fortinet FortiSandbox suffers from an operating system command injection...
Fortinet FortiPortal Cross-Site Scripting Vulnerability (CNVD-2025-03523)
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in Fortinet FortiPortal that stems from an...
D-Link DIR-816A2 websURLFilterAddDel Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the websURLFilterAddDel component, which can be exploited by an unauthenticated attacker to set up filtering rules via a...
D-Link DIR-816A2 form2WlanBasicSetup.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2WlanBasicSetup.cgi component, which can be exploited by an unauthenticated attacker to set up 2.4G and 5G wireless...
Tenda AC10 Command Injection Vulnerability
The Tenda AC10 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC10 version 16.03.10.20, which stems from the failure of the file /goform/telnet to properly filter special characters and commands used to construct commands. An attacker could use...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-02530)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...
Fortinet FortiAP Operating System Command Injection Vulnerability
Fortinet FortiAP is a controller for managing wireless access point devices from Fortinet, Inc. Fortinet FortiAP suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploit...
Ivanti EPM Elevation of Privilege Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an elevation of privilege vulnerability that stems from an uninitialized resource and can be exploited by an attacker to elevate their privileges...
Unspecified Vulnerability in Fortinet FortiOS (CNVD-2025-02529)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam and other security features. Fortinet FortiOS has a security...
Ivanti EPM Code Issue Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code issue vulnerability that stems from insufficient file name validation. An attacker could exploit this vulnerability to achieve remote code execution...
IBM Jazz for Service Management Access Control Error Vulnerability (CNVD-2025-02831)
IBM Jazz for Service Management is an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment. An Access Control Error vulnerability exists in IBM Jazz for Service Management that stems from improper access...
Fortinet FortiManager Path Traversal Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...
Ivanti EPM Absolute Path Traversal Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
Ivanti EPM Code Execution Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from a code execution vulnerability that stems from an unrestricted resource search path. An attacker could exploit this vulnerability to achieve remote code execution...
Ivanti EPM Absolute Path Traversal Vulnerability (CNVD-2025-30744)
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an absolute path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30749)
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...
Ivanti EPM Out-of-Bounds Write Vulnerability (CNVD-2025-30750)
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...
Fortinet FortiManager Operating System Command Injection Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOM) to further simplify the deployment and management of multi-device...
Ivanti EPM Out-of-Bounds Write Vulnerability
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...
Ivanti EPM out-of-bounds write vulnerability (CNVD-2025-30748)
Ivanti EPM is a comprehensive endpoint management solution developed by Ivanti. Ivanti EPM suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...
IBM CICS TX Advanced Cross-Site Scripting Vulnerability (CNVD-2025-02532)
IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines (IBM) for running large-scale, high-transaction-volume applications in enterprise environments. IBM CICS TX Advanced suffers from a cross-site scripting vulnerability that stems from the...
Buffer overflow vulnerability in the schedEndTime parameter of the Tenda AC8 setSchedWifi function
Tenda AC8 is a wireless router from Tenda, a Chinese company. Tenda AC8 suffers from a buffer overflow vulnerability, which originates from the failure of the schedStartTime parameter of the setSchedWifi function in file /goform/openSchedWifi to correctly validate the length of the input data,...
Mysiteforme SQL Injection Vulnerability
Mysiteforme is a permission management system. A SQL injection vulnerability exists in versions of Mysiteforme prior to 2025.01.01, which stems from the sname parameter in table/list not being validated against externally supplied SQL statements. An attacker can exploit this vulnerability to...
D-Link DIR-816A2 form2alg.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the form2alg.cgi component, which can be exploited by an unauthenticated attacker to set up ALG services via a specially...
IBM Concert Information Disclosure Vulnerability (CNVD-2025-29674)
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive information via...
Fortinet FortiDeceptor Access Control Error Vulnerability
Fortinet FortiDeceptor is a cyber threat detection platform from the American company Fortinet. The platform focuses on exposing cyber threats through deception techniques, among other things. Fortinet FortiDeceptor suffers from an Access Control Error vulnerability that stems from the...
Tenda AC18 formSetClientState function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the limitSpeedUp parameter of the formSetClientState function failing to properly validate the length of the input data, which can be exploited by an attacke...
Chat System leaveroom.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from the id parameter of the file /user/leaveroom.php not being validated against externally supplied SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
Fortinet FortiClientEMS Input Validation Error Vulnerability
Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. An input validation error...
Tenda AC18 form_fast_setting_wifi_set function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from the ssid parameter of the form_fast_setting_wifi_set function failing to properly validate the length of the input data, which can be exploited by an attacker to...
Ivanti Endpoint Manager Out-of-Bounds Read Vulnerability
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to manage all endpoint devices in an enterprise network. An out-of-bounds read vulnerability exists in Ivanti Endpoint Manager, which can be exploited by an attacker to elevate their privileges...
Fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-03522)
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, web content filtering, anti-spam and other security features. A resource management error...
Ivanti Avalanche path traversal vulnerability (CNVD-2025-15476)
Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that can be exploited ...
Ivanti Avalanche path traversal vulnerability (CNVD-2025-15477)
Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that stems from the...
Ivanti Avalanche Path Traversal Vulnerability
Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that can be exploited ...
D-Link DIR-816A2 formDMZ.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control of the formDMZ.cgi component, which can be exploited by an attacker to set up the DMZ service via a specially crafted POST...
Mattermost Mobile Denial of Service Vulnerability
Mattermost Mobile is a mobile application project, developed using the React Native framework, designed to provide a cross-platform iOS and Android client for Mattermost. Mattermost Mobile suffers from a denial of service vulnerability that stems from a failure to properly validate the proto...
Tenda AC18 Command Injection Vulnerability (CNVD-2025-02899)
The Tenda AC18 is a router from the Chinese company Tenda. Tenda AC18 version 15.03.05.19 suffers from a command injection vulnerability that stems from the usbName parameter of the formSetSambaConf function failing to correctly filter special characters and commands used to construct commands. Th...