130931 matches found
Tenda AC15 Buffer Overflow Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 suffers from a buffer overflow vulnerability, which originates from the parameter mac in the file /goform/SetDevNetName failing to correctly validate the length and size of the input data, which can be exploited by an...
D-Link DIR-816A2 form2WlAc.cgi Component Access Control Error Vulnerability
The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2WlAc.cgi component, which can be exploited by an unauthenticated attacker to set 2.4G and 5G MAC access control via...
Linux kernel memory leak vulnerability (CNVD-2025-02099)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from a memory leak vulnerability in gssxdecoptionarray. No detailed vulnerability details are provided at this...
Linux kernel divide by zero error vulnerability (CNVD-2025-02100)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a divide by zero error vulnerability that stems from a divide by zero error in isd200atacommand. No detailed vulnerability details are provided at this time...
Tenda AC9 Command Injection Vulnerability
Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a command injection vulnerability, which originated when /goform/SetSambaCfg was found to contain a command injection vulnerability. An attacker can exploit this vulnerability to remotely execute arbitrary co...
OpenCart Injection Vulnerability
OpenCart is a set of open source e-commerce system from China OpenCart team. The system provides product reviews, product ratings, product additions and other modules. An injection vulnerability exists in OpenCart version 4.0.0.1, which originates from the parameter headermenuid in the...
IBM Engineering Lifecycle Optimization Publishing Encryption Issue Vulnerability
IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...
Dell PowerScale OneFS Resource Management Error Vulnerability (CNVD-2025-02103)
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption, resulting in susceptibility to...
Microsoft Purview Code Issue Vulnerability
Microsoft Purview is a service provided by Microsoft for data governance and compliance. A security vulnerability exists in Microsoft Purview, which can be exploited by an attacker to trigger a server to send a request to an internal or external network via a well-constructed request, which could...
Dell VxRail Plaintext Storage Password Vulnerability (CNVD-2025-23480)
Dell VxRail is a hyper-converged infrastructure HCI solution jointly designed by Dell Technologies and VMware, optimized for VMware workloads for virtualized applications, cloud computing and hybrid cloud management. Dell VxRail suffers from a plaintext storage password vulnerability that could b...
NETGEAR DGN1000 Command Injection Vulnerability (CNVD-2025-02105)
The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...
Fuji Electric Alpha5 SMART Stack Buffer Overflow Vulnerability
The Fuji Electric Alpha5 SMART is a high-performance AC servo system designed for high-speed and high-precision control. A stack buffer overflow vulnerability exists in the Fuji Electric Alpha5 SMART. The vulnerability is due to the system failing to perform proper boundary checks on input data...
Mattermost Denial of Service Vulnerability (CNVD-2025-12635)
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost. The vulnerability stems from a failure to properly handle attachments that contain string fields. An attacker could exploit the vulnerability to...
TOTOLINK X5000R setWiFiScheduleCfg function desc parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "desc" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...
Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability
Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Microsoft Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerability (CNVD-2025-05240)
Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. An elevation of privilege vulnerability exists in Microsoft Windows Hyper-V NT Kernel Integration VSP, which can be exploited by an attacker to gain elevated privileges on a system...
Google Chrome Security Bypass Vulnerability (CNVD-2025-06042)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused due to insufficient data validation in extensions. An attacker can exploit this vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2025-06041)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
Microsoft Windows HTML Platforms Security Feature Bypass Vulnerability
Microsoft Windows HTML Platforms is a technology for rendering and executing HTML content on the Windows operating system. A security feature bypass vulnerability exists in Microsoft Windows HTML Platforms, which is caused by a security feature bypass vulnerability in the HTML Platforms component...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11445)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11443)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11441)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...
WAVLINK AC3000 wireless.cgi set_wifi_basic function buffer overflow vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability that originates from the wireless.cgi setwifibasic function failing to properly validate the length of input data, which can be exploited by an attacker to execute...
TOTOLINK X5000R eHour Parameter Command Injection Vulnerability in setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eHour" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabili...
TOTOLINK X5000R setVpnAccountCfg function desc parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability, which stems from the "desc" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...
TOTOLINK X5000R setScheduleCfg Function Minute Parameter Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "minute" parameter in setScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...
Microsoft Windows Installer elevation of privilege vulnerability (CNVD-2025-02836)
Microsoft Windows Installer is a component of the Windows operating system from Microsoft USA. It provides a standard basis for installing and uninstalling software. A security vulnerability exists in Microsoft Windows Installer. An attacker could exploit the vulnerability to elevate privileges...
Microsoft Windows Installer elevation of privilege vulnerability (CNVD-2025-02835)
Microsoft Windows Installer is a component of the Windows operating system from Microsoft USA. It provides a standard basis for installing and uninstalling software. A security vulnerability exists in Microsoft Windows Installer. An attacker could exploit the vulnerability to elevate privileges...
Microsoft Message Queuing Resource Management Error Vulnerability
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service...
Google Chrome Information Disclosure Vulnerability (CNVD-2025-03017)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that can be exploited by attackers to obtain potentially sensitive information from the system via a crafted HTML page...
Google Chrome Security Bypass Vulnerability (CNVD-2025-05093)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by attackers to bypass security restrictions...
Google Chrome Code Execution Vulnerability (CNVD-2025-05092)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by an attacker to execute arbitrary code on a system...
WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08335)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000, which is caused by the wireless.cgi SetName function failing to properly validate the length of input data, and can be exploited by an attacker to execute arbitrary code on...
WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08330)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which is caused by the selmode parameter of the qos.cgi qossettings function failing to properly validate the length of the input data, which can be exploited by an...
WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08329)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the qosdat parameter of the qos.cgi qossettings function that fails to properly validate the length of the input data, which can be exploited by an...
WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09264)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability that originates from the wireless.cgi DeleteMac function failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary...
WAVLINK AC3000 Buffer Overflow Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000, which is caused by the usbip.cgi setinfo function failing to properly validate the length of the input data, and can be exploited to execute arbitrary code or cause a denia...
WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09258)
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...
TOTOLINK X5000R switch parameter command injection vulnerability in the setScheduleCfg function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "switch" parameter in setScheduleCfg to correctly filter for constructor command special...
TOTOLINK X5000R sMinute Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sMinute" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
WAVLINK AC3000 nas.cgi add_dir function path traversal vulnerability in disk_part parameter
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A path traversal vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the diskpart parameter of the nas.cgi adddir function that fails to correctly filter for special elements in the resource or file...
Unspecified Vulnerability in D-Link DWR-M972V
The D-Link DWR-M972V is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DWR-M972V version 1.05SSG, which can be exploited by remote attackers to execute arbitrary code via SSH using the root account without restriction...
TOTOLINK X5000R setVpnAccountCfg function pass parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "pass" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...
TOTOLINK X5000R sHour Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sHour" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...
WAVLINK AC3000 adm.cgi restart_min parameter command injection vulnerability in sch_reboot function
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the restartmin parameter of the adm.cgi schreboot function to correctly filter the constructor command...
WAVLINK AC3000 adm.cgi rep_as_router function buffer overflow vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi repasrouter function failing to correctly validate the length of the input data, and can be exploited by a remote attacker...
WAVLINK AC3000 adm.cgi restart_week parameter command injection vulnerability in sch_reboot function
WAVLINK AC3000 is a wireless router from China RuiYin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the restartweek parameter of the adm.cgi schreboot function to correctly filter construct command special...
WAVLINK AC3000 adm.cgi set_sys_adm function buffer overflow vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi setsysadm function failing to correctly validate the length of the input data, and can be exploited by a remote attacker t...
WAVLINK AC3000 internet.cgi set_add_routing function's gateway parameter command injection vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the gateway parameter of the internet.cgi setaddrouting function to correctly filter the construct command...
WAVLINK AC3000 internet.cgi set_add_routing function dest parameter command injection vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi setaddrouting function's dest parameter failing to properly filter constructed command special character...