130931 matches found
TOTOLINK X5000R setScheduleCfg function's hour parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "hour" parameter in setScheduleCfg failing to correctly filter constructed command special characters,...
TOTOLINK X5000R Limit Parameter Command Injection Vulnerability in the setVpnAccountCfg Function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "limit" parameter in setVpnAccountCfg failing to correctly filter constructor special characters, commands,...
Unspecified vulnerability in Linux kernel (CNVD-2025-02112)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not stopping cleaner kthread first during uninstallation. No details of the vulnerability are available at th...
Unspecified vulnerability in Linux kernel (CNVD-2025-02113)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention issue when registering network hooks. No details of the vulnerability are provided at this time...
TP-LINK TL-WR940N Buffer Overflow Vulnerability (CNVD-2025-02852)
The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-LINK TL-WR940N suffers from a buffer overflow vulnerability that originates from a boundary error in the dnsserver1 and dnsserver2 parameters in /userRpm/Wan6to4TunnelCfgRpm.htm when processing untrusted input. An attacker...
iocharger Command Injection Vulnerability
iocharger is an electric vehicle charging and smart energy management solution from the Chinese company Galaxy Zhangtan iocharger. iocharger suffers from a command injection vulnerability that stems from the application's failure to properly filter constructed command special characters, commands...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02238)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to cause abnormal functionality...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02240)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02241)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...
Huawei HarmonyOS and EMUI have unspecified vulnerabilities
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...
D-Link DIR-816 A2 /goform/form2Dhcpd.cgi Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2Dhcpd.cgi. An attacker can exploit this vulnerability to be able to set up...
D-Link DIR-816 A2 /goform/form2AdvanceSetup.cgi Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AdvanceSetup.cgi. An attacker can exploit this vulnerability to set the 2.4...
D-Link DIR-816 A2 /goform/form2NetSniper.cgi Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2NetSniper.cgi. An attacker can exploit this vulnerability to be able to set...
D-Link DIR-816 A2 /goform/form2AddVrtsrv.cgi Access Control Error Vulnerability
The D-Link DIR-816 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2AddVrtsrv.cgi. An attacker can exploit this vulnerability to be able to set up...
Google Android DevmemValidateFlags function out-of-bounds write vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of boundary checking in the DevmemValidateFlags function of the devicememserver.c file, which can be exploited by an attacker to caus...
Google Android GetCellInfoList function out-of-bounds read vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android has an out-of-bounds read vulnerability that stems from a lack of boundary checking in the GetCellInfoList function of the protocolnetadapter.cpp file, which can be exploited by an attacker to potentially cau...
Google Android prepare_response_locked function input validation error vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an input validation error vulnerability that originates from improper input validation of the prepare_response_locked function in the lwistransaction.c file, which can be exploited by an attacker t...
Google Android wbrc_bt_dev_write function out-of-bounds write vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an out-of-bounds write vulnerability, which stems from a lack of bounds checking in the wbrc_bt_dev_write function of the wbregoncoordinator.c file, which can be exploited by an attacker to cause an...
IBM Security ReaQta Information Disclosure Vulnerability
IBM Security ReaQta is an AI autonomous detection and response platform from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Security ReaQta version 3.12, which stems from the return of sensitive information in an HTTP response, and can be exploited by a...
IBM Cognos Controller and IBM Controller Trust Management Issues Vulnerabilities
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. A trust management issue vulnerability exists in IBM...
Linux kernel code issue vulnerability (CNVD-2025-02544)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from the STI DRM driver not checking the return value of drm_atomic_get_crtc_state in the sti_hqvdp_atomic_check...
Huawei HarmonyOS Input Validation Error Vulnerability (CNVD-2025-02542)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...
Selesta Visual Access Manager vam_visits.php file cross-site scripting vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vam_visits.php file. No details of the vulnerability are available at this time...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the application's lack of effective filtering and escaping of user-supplied data, and for which no detailed vulnerability details a...
BigAntSoft BigAnt office messenger SQL Injection Vulnerability
BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...
Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2025-22314)
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in Selesta Visual Access Manager, which stems from the lack of effective filtering and escaping of user-supplied data in smonitormap.php, for which no detailed vulnerability details...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02246)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22658)
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...
Selesta Visual Access Manager vam_ep.php file cross-site scripting vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager vam_ep.php file. No details of the vulnerability are available at this time...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22654)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements and is exploited by an attacker to perform SQL...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22315)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple parameters of /monitor/snormalizedtrans.php...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22657)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. The vulnerability stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to perform SQ...
IBM Concert Information Disclosure Vulnerability (CNVD-2025-29675)
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from an information disclosure vulnerability that stems from the disclosure of sensitive system informatio...
D-Link DIR-816 A2 /goform/form2LocalAclEditcfg.cgi Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2LocalAclEditcfg.cgi. An attacker can exploit this vulnerability to be able ...
Huawei HarmonyOS Permission License and Access Control Issues Vulnerability (CNVD-2025-02543)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that can be exploited by an attacker to compromise confidentiality...
Selesta Visual Access SQL Injection Vulnerability (CNVD-2025-22546)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager. An attacker can exploit this vulnerability to perform SQL injection in the GET parameter of /monitor/sterminal.php...
Selesta Visual Access Manager s_scheduledfile.php file cross-site scripting vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A cross-site scripting vulnerability exists in the Selesta Visual Access Manager s_scheduledfile.php file. No details of the vulnerability are available at this time...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02245)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS and EMUI have a security vulnerability...
IBM Concert Encryption Problem Vulnerability (CNVD-2025-02546)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from an encryption issue vulnerability that stems from a failure to properly enable HTTP Strict Transport Security, which could be...
Tenda AC6 Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. The Tenda AC6 suffers from a buffer overflow vulnerability that originates from a boundary error in the parameter src when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the...
Selesta Visual Access Manager SQL Injection Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple POST parameters of /monitor/sscheduledfile.php...
IBM Concert Information Disclosure Vulnerability (CNVD-2025-02548)
IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. An information disclosure vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from a detailed technical...
Huawei HarmonyOS UIExtension Cross-Process Screen Stack Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS UIExtension, which can be exploited by an attacker to compromise confidentiality...
Unspecified vulnerability in Linux kernel (CNVD-2025-01702)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect configuration of the PCIe port node in the DTS file for the MIPS architecture Loongson64, which...
LightPicture Cross-Site Scripting Vulnerability
LightPicture is an image resource management (image hosting) system for enterprises, teams and individuals. LightPicture has a cross-site scripting vulnerability, which stems from a lack of effective filtering and escaping of user-supplied data in the file parameter of /api/upload. An attacker can...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02244)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...
Unspecified Vulnerability in Google Android (CNVD-2025-20012)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that stems from an anomalous root cause and possible biometric bypass. The vulnerability can be exploited by an attacker to elevate privileges...
Google Android cc_SendCcImsInfoIndMsg function out-of-bounds write vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android has an out-of-bounds write vulnerability that originates from the lack of boundary checking in the cc_SendCcImsInfoIndMsg function of the ccMmConManagement.c file, which can be exploited by an attacker to caus...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02242)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22656)
Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in the POST parameter of /vam/vameps.php...