Lucene search
K

130931 matches found

CNVD
CNVD
•added 2025/01/23 12:0 a.m.•2 views

Tenda AC15 Buffer Overflow Vulnerability

The Tenda AC15 is a wireless router from the Chinese company Tenda. Tenda AC15 suffers from a buffer overflow vulnerability, which originates from the parameter mac in the file /goform/SetDevNetName failing to correctly validate the length and size of the input data, which can be exploited by an...

9CVSS8.5AI score0.08654EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/23 12:0 a.m.•8 views

D-Link DIR-816A2 form2WlAc.cgi Component Access Control Error Vulnerability

The D-Link DIR-816A2 is a router from China's AUO D-Link. The D-Link DIR-816A2 suffers from an Access Control Error vulnerability that stems from improper access control in the form2WlAc.cgi component, which can be exploited by an unauthenticated attacker to set 2.4G and 5G MAC access control via...

6.5CVSS6.8AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/22 12:0 a.m.•27 views

Linux kernel memory leak vulnerability (CNVD-2025-02099)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from a memory leak vulnerability in gssxdecoptionarray. No detailed vulnerability details are provided at this...

5.5CVSS9.1AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/22 12:0 a.m.•8 views

Linux kernel divide by zero error vulnerability (CNVD-2025-02100)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a divide by zero error vulnerability that stems from a divide by zero error in isd200atacommand. No detailed vulnerability details are provided at this time...

5.5CVSS6.7AI score0.00242EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•2 views

Tenda AC9 Command Injection Vulnerability

Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a command injection vulnerability, which originated when /goform/SetSambaCfg was found to contain a command injection vulnerability. An attacker can exploit this vulnerability to remotely execute arbitrary co...

9.8CVSS8.2AI score0.01929EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•8 views

OpenCart Injection Vulnerability

OpenCart is a set of open source e-commerce system from China OpenCart team. The system provides product reviews, product ratings, product additions and other modules. An injection vulnerability exists in OpenCart version 4.0.0.1, which originates from the parameter headermenuid in the...

4.3CVSS7.9AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•9 views

IBM Engineering Lifecycle Optimization Publishing Encryption Issue Vulnerability

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines IBM. IBM Engineering Lifecycle Optimization Publishing suffers from a cryptographic issue vulnerability that stems from the use of a weaker-than-expected encryption...

7.5CVSS6.3AI score0.00195EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•6 views

Dell PowerScale OneFS Resource Management Error Vulnerability (CNVD-2025-02103)

Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption, resulting in susceptibility to...

6.5CVSS6.7AI score0.00441EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•6 views

Microsoft Purview Code Issue Vulnerability

Microsoft Purview is a service provided by Microsoft for data governance and compliance. A security vulnerability exists in Microsoft Purview, which can be exploited by an attacker to trigger a server to send a request to an internal or external network via a well-constructed request, which could...

8.8CVSS8.4AI score0.24441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•4 views

Dell VxRail Plaintext Storage Password Vulnerability (CNVD-2025-23480)

Dell VxRail is a hyper-converged infrastructure HCI solution jointly designed by Dell Technologies and VMware, optimized for VMware workloads for virtualized applications, cloud computing and hybrid cloud management. Dell VxRail suffers from a plaintext storage password vulnerability that could b...

7.5CVSS6.8AI score0.00161EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/21 12:0 a.m.•6 views

NETGEAR DGN1000 Command Injection Vulnerability (CNVD-2025-02105)

The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...

9.8CVSS7.8AI score0.28986EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/20 12:0 a.m.•1 views

Fuji Electric Alpha5 SMART Stack Buffer Overflow Vulnerability

The Fuji Electric Alpha5 SMART is a high-performance AC servo system designed for high-speed and high-precision control. A stack buffer overflow vulnerability exists in the Fuji Electric Alpha5 SMART. The vulnerability is due to the system failing to perform proper boundary checks on input data...

8.5CVSS7.8AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/20 12:0 a.m.•2 views

Mattermost Denial of Service Vulnerability (CNVD-2025-12635)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A denial of service vulnerability exists in Mattermost. The vulnerability stems from a failure to properly handle attachments that contain string fields. An attacker could exploit the vulnerability to...

7.5CVSS6.5AI score0.00442EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

TOTOLINK X5000R setWiFiScheduleCfg function desc parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "desc" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...

6.8CVSS9.5AI score0.01327EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

Adobe Substance 3D Stager Out-of-Bounds Write Vulnerability

Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.6AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

Microsoft Windows Hyper-V NT Kernel Integration VSP elevation of privilege vulnerability (CNVD-2025-05240)

Microsoft Windows Hyper-V is a tool from Microsoft USA that provides hardware virtualization. An elevation of privilege vulnerability exists in Microsoft Windows Hyper-V NT Kernel Integration VSP, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.2AI score0.01363EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-06042)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused due to insufficient data validation in extensions. An attacker can exploit this vulnerability to bypass security restrictions...

8.8CVSS6.8AI score0.00445EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•7 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-06041)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...

4.3CVSS6.8AI score0.00294EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•1 views

Microsoft Windows HTML Platforms Security Feature Bypass Vulnerability

Microsoft Windows HTML Platforms is a technology for rendering and executing HTML content on the Windows operating system. A security feature bypass vulnerability exists in Microsoft Windows HTML Platforms, which is caused by a security feature bypass vulnerability in the HTML Platforms component...

4.3CVSS6.6AI score0.04428EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11445)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...

9.1CVSS9.2AI score0.01457EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•2 views

WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11443)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...

9.1CVSS9.2AI score0.01457EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•2 views

WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-11441)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. An external configuration control vulnerability exists in the WAVLINK AC3000, which can be exploited by attackers to cause a privilege bypass...

9.1CVSS9.2AI score0.01457EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•3 views

WAVLINK AC3000 wireless.cgi set_wifi_basic function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability that originates from the wireless.cgi setwifibasic function failing to properly validate the length of input data, which can be exploited by an attacker to execute...

9.1CVSS9.8AI score0.01985EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•2 views

TOTOLINK X5000R eHour Parameter Command Injection Vulnerability in setWiFiScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "eHour" parameter in setWiFiScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabili...

8.8CVSS9.5AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•1 views

TOTOLINK X5000R setVpnAccountCfg function desc parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability, which stems from the "desc" parameter in setVpnAccountCfg failing to properly filter constructed command special characters, commands, etc. This vulnerabilit...

8.8CVSS9.6AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•1 views

TOTOLINK X5000R setScheduleCfg Function Minute Parameter Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the "minute" parameter in setScheduleCfg failing to properly filter constructed command special characters, commands, etc. This vulnerability...

8.8CVSS9.5AI score0.01708EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

Microsoft Windows Installer elevation of privilege vulnerability (CNVD-2025-02836)

Microsoft Windows Installer is a component of the Windows operating system from Microsoft USA. It provides a standard basis for installing and uninstalling software. A security vulnerability exists in Microsoft Windows Installer. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS7.5AI score0.00606EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•16 views

Microsoft Windows Installer elevation of privilege vulnerability (CNVD-2025-02835)

Microsoft Windows Installer is a component of the Windows operating system from Microsoft USA. It provides a standard basis for installing and uninstalling software. A security vulnerability exists in Microsoft Windows Installer. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS7.5AI score0.00538EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•11 views

Microsoft Message Queuing Resource Management Error Vulnerability

Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A security vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS7.3AI score0.02309EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

Google Chrome Information Disclosure Vulnerability (CNVD-2025-03017)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability that can be exploited by attackers to obtain potentially sensitive information from the system via a crafted HTML page...

6.5CVSS6.2AI score0.00375EPSS
Exploits2References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

Google Chrome Security Bypass Vulnerability (CNVD-2025-05093)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by attackers to bypass security restrictions...

4.3CVSS6.3AI score0.00276EPSS
Exploits0References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•11 views

Google Chrome Code Execution Vulnerability (CNVD-2025-05092)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 132.0.6834.83, which can be exploited by an attacker to execute arbitrary code on a system...

6.5CVSS7.5AI score0.00268EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08335)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000, which is caused by the wireless.cgi SetName function failing to properly validate the length of input data, and can be exploited by an attacker to execute arbitrary code on...

9.1CVSS8.1AI score0.02362EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08330)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which is caused by the selmode parameter of the qos.cgi qossettings function failing to properly validate the length of the input data, which can be exploited by an...

9.1CVSS8.2AI score0.01212EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-08329)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the qosdat parameter of the qos.cgi qossettings function that fails to properly validate the length of the input data, which can be exploited by an...

9.1CVSS8.2AI score0.00845EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 Buffer Overflow Vulnerability (CNVD-2025-09264)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability that originates from the wireless.cgi DeleteMac function failing to properly validate the length of input data, which can be exploited by an attacker to execute arbitrary...

9.1CVSS8.2AI score0.02362EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

WAVLINK AC3000 Buffer Overflow Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000, which is caused by the usbip.cgi setinfo function failing to properly validate the length of the input data, and can be exploited to execute arbitrary code or cause a denia...

9.1CVSS8.1AI score0.01265EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 External Configuration Control Vulnerability (CNVD-2025-09258)

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from an external configuration control vulnerability that originates from the openvpn.cgi openvpnserversetup function's openport parameter failing to correctly filter constructed command special characters,...

9.1CVSS7.4AI score0.0183EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

TOTOLINK X5000R switch parameter command injection vulnerability in the setScheduleCfg function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the failure of the "switch" parameter in setScheduleCfg to correctly filter for constructor command special...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

TOTOLINK X5000R sMinute Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sMinute" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•11 views

WAVLINK AC3000 nas.cgi add_dir function path traversal vulnerability in disk_part parameter

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A path traversal vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the diskpart parameter of the nas.cgi adddir function that fails to correctly filter for special elements in the resource or file...

9.1CVSS9.2AI score0.0243EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

Unspecified Vulnerability in D-Link DWR-M972V

The D-Link DWR-M972V is a router from China-based AUO D-Link. A security vulnerability exists in the D-Link DWR-M972V version 1.05SSG, which can be exploited by remote attackers to execute arbitrary code via SSH using the root account without restriction...

9.8CVSS7.9AI score0.02454EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•4 views

TOTOLINK X5000R setVpnAccountCfg function pass parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "pass" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•6 views

TOTOLINK X5000R sHour Parameter Command Injection Vulnerability in the setWiFiScheduleCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "sHour" parameter in setWiFiScheduleCfg failing to correctly filter constructed command special characters,...

8.8CVSS7.4AI score0.01573EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

WAVLINK AC3000 adm.cgi restart_min parameter command injection vulnerability in sch_reboot function

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the restartmin parameter of the adm.cgi schreboot function to correctly filter the constructor command...

9.1CVSS7.4AI score0.03718EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•5 views

WAVLINK AC3000 adm.cgi rep_as_router function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi repasrouter function failing to correctly validate the length of the input data, and can be exploited by a remote attacker...

9.1CVSS8.3AI score0.01805EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•8 views

WAVLINK AC3000 adm.cgi restart_week parameter command injection vulnerability in sch_reboot function

WAVLINK AC3000 is a wireless router from China RuiYin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the restartweek parameter of the adm.cgi schreboot function to correctly filter construct command special...

9.1CVSS7.3AI score0.04469EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•12 views

WAVLINK AC3000 adm.cgi set_sys_adm function buffer overflow vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A buffer overflow vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505, which is caused by the adm.cgi setsysadm function failing to correctly validate the length of the input data, and can be exploited by a remote attacker t...

9.1CVSS8.2AI score0.0126EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•9 views

WAVLINK AC3000 internet.cgi set_add_routing function's gateway parameter command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the failure of the gateway parameter of the internet.cgi setaddrouting function to correctly filter the construct command...

9.1CVSS7.3AI score0.04815EPSS
Exploits1References1
CNVD
CNVD
•added 2025/01/17 12:0 a.m.•15 views

WAVLINK AC3000 internet.cgi set_add_routing function dest parameter command injection vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which originates from the internet.cgi setaddrouting function's dest parameter failing to properly filter constructed command special character...

9.1CVSS7.3AI score0.04156EPSS
Exploits1References1
Total number of security vulnerabilities130931