130931 matches found

CNVD • added 2025/01/17 12:0 a.m. • 6 views

TOTOLINK X5000R setScheduleCfg function's hour parameter command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "hour" parameter in setScheduleCfg failing to correctly filter constructed command special characters,...

CVSS 8.8 • AI score 7.4 • EPSS 0.01573
Exploits: 1 • References: 1

CNVD • added 2025/01/17 12:0 a.m. • 11 views

TOTOLINK X5000R Limit Parameter Command Injection Vulnerability in the setVpnAccountCfg Function

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...

CVSS 8.8 • AI score 7.4 • EPSS 0.01573
Exploits: 1 • References: 1

CNVD • added 2025/01/17 12:0 a.m. • 5 views

Unspecified vulnerability in Linux kernel (CNVD-2025-02112)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not stopping cleaner kthread first during uninstallation. No details of the vulnerability are available at th...

CVSS 7.8 • AI score 6.6 • EPSS 0.00209
Exploits: 0 • References: 1

CNVD • added 2025/01/17 12:0 a.m. • 6 views

Unspecified vulnerability in Linux kernel (CNVD-2025-02113)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention issue when registering network hooks. No details of the vulnerability are provided at this time...

CVSS 7.8 • AI score 6.6 • EPSS 0.00254
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 6 views

TP-LINK TL-WR940N Buffer Overflow Vulnerability (CNVD-2025-02852)

The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-LINK TL-WR940N suffers from a buffer overflow vulnerability that originates from a boundary error in the dnsserver1 and dnsserver2 parameters in /userRpm/Wan6to4TunnelCfgRpm.htm when processing untrusted input. An attacker...

CVSS 8 • AI score 8.2 • EPSS 0.06132
Exploits: 1 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

iocharger Command Injection Vulnerability

iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. iocharger suffers from a command injection vulnerability that stems from the application's failure to properly filter constructed command special characters, commands...

CVSS 9.3 • AI score 7.5 • EPSS 0.01192
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02238)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to cause abnormal functionality...

CVSS 7.5 • AI score 6.9 • EPSS 0.00199
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 12 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02240)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 6.8 • AI score 6.8 • EPSS 0.00106
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02241)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 5.5 • AI score 6.8 • EPSS 0.00105
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 9 views

Huawei HarmonyOS and EMUI have unspecified vulnerabilities

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...

CVSS 9.1 • AI score 6.9 • EPSS 0.00271
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 6 views

D-Link DIR-816 A2 /goform/form2Dhcpd.cgi Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2Dhcpd.cgi. An attacker can exploit this vulnerability to be able to set up...

CVSS 6.9 • AI score 6.5 • EPSS 0.00785
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

D-Link DIR-816 A2 /goform/form2AdvanceSetup.cgi Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...

CVSS 6.9 • AI score 6.6 • EPSS 0.00725
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

D-Link DIR-816 A2 /goform/form2NetSniper.cgi Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2NetSniper.cgi. An attacker can exploit this vulnerability to be able to set...

CVSS 6.9 • AI score 6.5 • EPSS 0.0097
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

D-Link DIR-816 A2 /goform/form2AddVrtsrv.cgi Access Control Error Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AddVrtsrv.cgi. An attacker can exploit this vulnerability to be able to set up...

CVSS 6.9 • AI score 6.6 • EPSS 0.0081
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

Google Android DevmemValidateFlags function out-of-bounds write vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of boundary checking in the DevmemValidateFlags function of the devicememserver.c file, which can be exploited by an attacker to caus...

CVSS 7.8 • AI score 6.8 • EPSS 0.00079
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

Google Android GetCellInfoList function out-of-bounds read vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has an out-of-bounds read vulnerability that stems from a lack of boundary checking in the GetCellInfoList function of the protocolnetadapter.cpp file, which can be exploited by an attacker to potentially cau...

CVSS 5.5 • AI score 6.6 • EPSS 0.00075
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Google Android prepare_response_locked function input validation error vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an input validation error vulnerability that originates from improper input validation of the prepare_response_locked function in the lwistransaction.c file, which can be exploited by an attacker t...

CVSS 7.8 • AI score 6.7 • EPSS 0.0008
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Google Android wbrc_bt_dev_write function out-of-bounds write vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of bounds checking in the wbrc_bt_dev_write function of the wbregoncoordinator.c file, which can be exploited by an attacker to cause an...

CVSS 6.7 • AI score 6.8 • EPSS 0.00081
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 6 views

IBM Security ReaQta Information Disclosure Vulnerability

IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines IBM. An information disclosure vulnerability exists in IBM Security ReaQta version 3.12, which stems from the return of sensitive information in an HTTP response, and can be exploited by a...

CVSS 5.3 • AI score 5.9 • EPSS 0.00308
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

IBM Cognos Controller and IBM Controller Trust Management Issues Vulnerabilities

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. A trust management issue vulnerability exists in IBM...

CVSS 8.2 • AI score 6.4 • EPSS 0.0025
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 9 views

Linux kernel code issue vulnerability (CNVD-2025-02544)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from the STI DRM driver not checking the return value of drm_atomic_get_crtc_state in the sti_hqvdp_atomic_check...

CVSS 5.5 • AI score 5.5 • EPSS 0.00203
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

Huawei HarmonyOS Input Validation Error Vulnerability (CNVD-2025-02542)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 7.5 • AI score 6.8 • EPSS 0.00214
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 1 view

Selesta Visual Access Manager vam_visits.php file cross-site scripting vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vam_visits.php file; no details of the vulnerability are available at this time...

CVSS 6.1 • AI score 6.3 • EPSS 0.00224
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 2 views

Selesta Visual Access Manager Cross-Site Scripting Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no detailed vulnerability details a...

CVSS 6.1 • AI score 6.3 • EPSS 0.00224
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 2 views

BigAntSoft BigAnt office messenger SQL Injection Vulnerability

BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...

CVSS 6.3 • AI score 8 • EPSS 0.01729
Exploits: 6 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 1 view

Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2025-22314)

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the lack of effective filtering and escaping of user-supplied data in smonitormap.php, for which no detailed vulnerability details...

CVSS 6.1 • AI score 6.3 • EPSS 0.00226
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02246)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...

CVSS 7.5 • AI score 6.9 • EPSS 0.00191
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 1 view

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22658)

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...

CVSS 5.4 • AI score 8.1 • EPSS 0.00231
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 1 view

Selesta Visual Access Manager vam_ep.php file cross-site scripting vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vam_ep.php file; no details of the vulnerability are available at this time...

CVSS 6.1 • AI score 6.3 • EPSS 0.00226
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22654)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements and is exploited by an attacker to perform SQL...

CVSS 3.8 • AI score 8 • EPSS 0.00309
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22315)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple parameters of /monitor/snormalizedtrans.php...

CVSS 3.8 • AI score 8.1 • EPSS 0.00309
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22657)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to perform SQ...

CVSS 3.8 • AI score 8 • EPSS 0.00232
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

IBM Concert Information Disclosure Vulnerability (CNVD-2025-29675)

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive system informatio...

CVSS 7.5 • AI score 6.1 • EPSS 0.00333
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

D-Link DIR-816 A2 /goform/form2LocalAclEditcfg.cgi Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...

CVSS 6.9 • AI score 6.4 • EPSS 0.01067
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 10 views

Huawei HarmonyOS Permission License and Access Control Issues Vulnerability (CNVD-2025-02543)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that can be exploited by an attacker to compromise confidentiality...

CVSS 7.5 • AI score 6.8 • EPSS 0.00178
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 3 views

Selesta Visual Access SQL Injection Vulnerability (CNVD-2025-22546)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. An attacker can exploit this vulnerability to perform SQL injection in the GET parameter of /monitor/sterminal.php...

CVSS 3.8 • AI score 8 • EPSS 0.00309
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 6 views

Selesta Visual Access Manager s_scheduledfile.php file cross-site scripting vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager s_scheduledfile.php file; no details of the vulnerability are available at this time...

CVSS 6.1 • AI score 6.3 • EPSS 0.00224
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02245)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...

CVSS 7.5 • AI score 6.9 • EPSS 0.00222
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 17 views

IBM Concert Encryption Problem Vulnerability (CNVD-2025-02546)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...

CVSS 5.9 • AI score 6.4 • EPSS 0.00256
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 1 view

Tenda AC6 Buffer Overflow Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from a boundary error in the parameter src when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the...

CVSS 9.8 • AI score 8.4 • EPSS 0.01757
Exploits: 1 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 2 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple POST parameters of /monitor/sscheduledfile.php...

CVSS 3.8 • AI score 8.1 • EPSS 0.00232
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

IBM Concert Information Disclosure Vulnerability (CNVD-2025-02548)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...

CVSS 5.3 • AI score 6.1 • EPSS 0.00375
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 6 views

Huawei HarmonyOS UIExtension Cross-Process Screen Stack Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS UIExtension, which can be exploited by an attacker to compromise confidentiality...

CVSS 7.5 • AI score 6.8 • EPSS 0.00192
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 8 views

Unspecified vulnerability in Linux kernel (CNVD-2025-01702)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect configuration of the PCIe port node in the DTS file for the MIPS architecture Loongson64, which...

CVSS 5.5 • AI score 6.7 • EPSS 0.00201
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 12 views

LightPicture Cross-Site Scripting Vulnerability

LightPicture is an image resource management system (a "picture bed" system) for enterprises, teams and individuals. LightPicture has a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the parameter file of /api/upload; an attacker can...

CVSS 5.4 • AI score 6.6 • EPSS 0.00379
Exploits: 1 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02244)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...

CVSS 7.5 • AI score 6.9 • EPSS 0.00145
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 2 views

Unspecified Vulnerability in Google Android (CNVD-2025-20012)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that stems from an anomalous root cause and possible biometric bypass. The vulnerability can be exploited by an attacker to elevate privileges...

CVSS 7.8 • AI score 7 • EPSS 0.00076
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 5 views

Google Android cc_SendCcImsInfoIndMsg function out-of-bounds write vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has an out-of-bounds write vulnerability that originates from the lack of boundary checking in the cc_SendCcImsInfoIndMsg function of the ccMmConManagement.c file, which can be exploited by an attacker to caus...

CVSS 9.8 • AI score 6.8 • EPSS 0.00329
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 7 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02242)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 6.8 • AI score 6.8 • EPSS 0.00106
Exploits: 0 • References: 1

CNVD • added 2025/01/16 12:0 a.m. • 2 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22656)

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in the POST parameter of /vam/vameps.php...

CVSS 3.8 • AI score 8 • EPSS 0.00309
Exploits: 0 • References: 1

Total number of security vulnerabilities: 130931