130931 matches found

CNVD
•added 2025/01/16 12:0 a.m.•3 views

Chat System deleteroom.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter id of the /admin/deleteroom.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...

CVSS 7.5 | AI score 8.2 | EPSS 0.0043
Exploits: 1 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•7 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02239)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 5.5 | AI score 6.8 | EPSS 0.00135
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•2 views

Unspecified Vulnerability in Selesta Visual Access Manager (CNVD-2025-22661)

Selesta Visual Access Manager is a visual access manager from Selesta. A security vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to write arbitrary files by manipulating the POST parameter of the page common/vamSql.php...

CVSS 6.5 | AI score 7 | EPSS 0.00344
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•16 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-01701)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to potentially compromise availability...

CVSS 7.5 | AI score 6.9 | EPSS 0.00199
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•2 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22659)

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to perform SQL injection...

CVSS 8.8 | AI score 8.1 | EPSS 0.00371
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•3 views

Sichuan Ruihu Network Technology Co., Ltd. Ruihu group control there are information leakage vulnerabilities

Sichuan Ruihu Network Technology Co., Ltd. is an innovative technology service provider focusing on hospital Internet application platform. Sichuan Ruihu Network Technology Co., Ltd. Ruihu site group control information leakage vulnerability, attackers can use the vulnerability to obtain sensitiv...

AI score 6.5
Exploits: 0

CNVD
•added 2025/01/16 12:0 a.m.•6 views

Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02247)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...

CVSS 7.5 | AI score 6.9 | EPSS 0.00211
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•6 views

D-Link DIR-816 A2 /goform/form2IPQoSTcAdd Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2IPQoSTcAdd. An attacker can exploit this vulnerability to be able to set th...

CVSS 6.9 | AI score 6.5 | EPSS 0.27198
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•7 views

IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...

CVSS 5.4 | AI score 6.2 | EPSS 0.00251
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•3 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from a lack of validation of the GET parameter of /common/ajaxfunction.php against an externally entered SQL statement. An attacker can exploi...

CVSS 3.8 | AI score 8.3 | EPSS 0.00309
Exploits: 0 | References: 1

CNVD
•added 2025/01/16 12:0 a.m.•4 views

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22579)

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection in multiple POST parameters of /var/vamanagraph.php...

CVSS 3.8 | AI score 8.1 | EPSS 0.00232
Exploits: 0 | References: 1

CNVD
•added 2025/01/15 12:0 a.m.•9 views

Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2025-01605)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability. An attacker can exploit the vulnerability to execute an attack, which may lead to confidential information...

CVSS 7.5 | AI score 6.9 | EPSS 0.00203
Exploits: 0 | References: 1

CNVD
•added 2025/01/15 12:0 a.m.•7 views

Huawei HarmonyOS Privilege Permission and Access Control Issues Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a cross-process page stacking vulnerability in UIExtension. An attacker could exploit t...

CVSS 7.5 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 1

CNVD
•added 2025/01/14 12:0 a.m.•9 views

SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.

UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...

AI score 7.8
Exploits: 0

CNVD
•added 2025/01/14 12:0 a.m.•7 views

Siemens SIMATIC S7-1200 CPU Cross-Site Request Forgery Vulnerability

SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and the chemical industry. SIPLUS extreme products are designed to operate reliably under extreme conditions and are based on SIMATIC, LOGO!,...

CVSS 7.2 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 1

CNVD
•added 2025/01/14 12:0 a.m.•6 views

Siemens Siveillance Video Camera Driver Information Disclosure Vulnerability

Siveillance Video formerly known as Siveillance VMS is a powerful IP video management software designed for deployments ranging from small and simple to large-scale and high-security. The Siveillance Video family of products portfolio consists of four editions: Siveillance Video Core, Core Plus,...

CVSS 7.8 | AI score 5.9 | EPSS 0.00145
Exploits: 0 | References: 1

CNVD
•added 2025/01/14 12:0 a.m.•7 views

Siemens Mendix LDAP Injection Vulnerability

Mendix LDAP is a client-side implementation of the Lightweight Directory Access Protocol LDAP that allows your application to communicate with an LDAP server, such as the local Microsoft Active Directory AD. An injection vulnerability exists in Siemens Mendix LDAP, which can be exploited by an...

CVSS 9.1 | AI score 6.9 | EPSS 0.00481
Exploits: 0 | References: 1

CNVD
•added 2025/01/14 12:0 a.m.•6 views

Siemens Industrial Edge Management Cross-Site Scripting Vulnerability

Industrial Edge represents an open, ready-to-use edge computing platform consisting of edge devices, edge applications, edge connectivity, and application and device management infrastructure. A cross-site scripting vulnerability exists in Siemens Industrial Edge Management, which can be exploite...

CVSS 6.1 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 1

CNVD
•added 2025/01/14 12:0 a.m.•4 views

Siemens SIPROTEC 5 Improper File Access Restriction Vulnerability

SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A File Access Improperly Restricted vulnerability exists in Siemens SIPROTEC 5. The vulnerability, which arises from the device not properly restricti...

CVSS 7.1 | AI score 7.1 | EPSS 0.00593
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

TOTOLINK A6000R enable_wsh Command Injection Vulnerability

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the modifyOne parameter in the TOTOLINK A6000R enablewsh function, which can be...

CVSS 8 | AI score 7.6 | EPSS 0.01217
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Linksys E7350 reset_wifi command injection vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the devname parameter by the Linksys E7350 resetwifi function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

CVSS 9.8 | AI score 7.5 | EPSS 0.01645
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•5 views

Huawei HarmonyOS Findnetwork Module Command Validation Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A command authentication bypass vulnerability exists in the Huawei HarmonyOS Findnetwork module, which can be exploited by an attacker to submit a special...

CVSS 5.3 | AI score 7.2 | EPSS 0.00276
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•5 views

Huawei HarmonyOS Connectivity Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Connectivity module, which can be exploited by an attacker to cause functionality anomalies...

CVSS 7.5 | AI score 6.8 | EPSS 0.00189
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Huawei HarmonyOS Window Management Module Incorrect Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An incorrect privilege control vulnerability exists in the Huawei HarmonyOS window management module, which can be exploited by an attacker to compromise...

CVSS 7.8 | AI score 6.8 | EPSS 0.00242
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Linksys E7350 apcli_wps_gen_pincode command injection vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter by the Linksys E7350 apcliwpsgenpincode function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...

CVSS 9.8 | AI score 7.5 | EPSS 0.01645
Exploits: 1 | Affected Software: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

Linksys E7350 apcli_do_enr_pin_wps Command Injection Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apclidoenrpinwps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context t...

CVSS 9.8 | AI score 7.5 | EPSS 0.01645
Exploits: 1 | Affected Software: 1

CNVD
•added 2025/01/13 12:0 a.m.•6 views

Huawei HarmonyOS Authentication Module Access Control Vulnerability

Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...

CVSS 7.5 | AI score 6.7 | EPSS 0.00142
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

Cisco Crosswork Network Controller Cross-Site Scripting Vulnerability

Cisco Crosswork Network Controller is a network controller from Cisco USA. The Cisco Crosswork Network Controller suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive...

CVSS 4.8 | AI score 5.6 | EPSS 0.00256
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•6 views

Huawei HarmonyOS Device Driver Module Buffer Overflow Vulnerability

Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. A buffer...

CVSS 6.3 | AI score 7 | EPSS 0.0011
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01386)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...

CVSS 5.4 | AI score 5.6 | EPSS 0.00357
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•11 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01384)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...

CVSS 5.4 | AI score 5.6 | EPSS 0.00276
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•10 views

Vulnerabilities in Permission Issues in Various Apple Products

macOS is a set of operating systems developed by Apple to run on the Macintosh family of computers. iPhone OS is an operating system developed by Apple for the iPhone and iPod touch. watchOS is a set of watch operating systems developed by Apple for use with the Apple Watch based on iOS. iPadOS i...

CVSS 5.5 | AI score 6.2 | EPSS 0.00187
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•12 views

Linux kernel buffer overflow vulnerability (CNVD-2025-02550)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a buffer overflow vulnerability that can be exploited by attackers to cause EROFS data corruption...

CVSS 6.1 | AI score 7.5 | EPSS 0.00278
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Huawei HarmonyOS Account Module Elevation of Privilege Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a privilege extraction vulnerability in the Account module. An attacker could exploit t...

CVSS 7.5 | AI score 6.8 | EPSS 0.00165
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•11 views

Unspecified Vulnerability in SonicWALL SonicOS (CNVD-2025-01660)

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWall SonicOS that stems from the presence of a server-side request forgery vulnerability. A remote attacker can exploit this vulnerability to...

CVSS 7.5 | AI score 7 | EPSS 0.00711
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•9 views

Huawei HarmonyOS Distributed Notification Module Competitive Conditions Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in the Huawei HarmonyOS Distributed Notification Module, which can be exploited by an attacker to cause...

CVSS 5.9 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01385)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...

CVSS 5.4 | AI score 5.6 | EPSS 0.00276
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•11 views

Linksys E7350 vif_enable Command Injection Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vifenable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context ...

CVSS 8 | AI score 7.5 | EPSS 0.01174
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•10 views

Linksys E7350 apcli_cancel_wps Command Injection Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apclicancelwps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

CVSS 6.3 | AI score 7.5 | EPSS 0.00794
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•5 views

TOTOLINK A6000R action_passwd command injection vulnerability

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding network experience. A security vulnerability exists in the TOTOLINK A6000R actionpasswd function's handling of the newpasswd parameter, which can be exploite...

CVSS 6.3 | AI score 7.8 | EPSS 0.00675
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•9 views

emlog /admin/article.php parameter IMAGE cross-site scripting vulnerability

emlog is a PHP and MySQL based CMS builder. A cross-site scripting vulnerability exists in the emlog /admin/article.php processing IMAGE, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions whe...

CVSS 5.4 | AI score 5.9 | EPSS 0.00315
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•2 views

TOTOLINK A6000R reset_wifi command injection vulnerability

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. TOTOLINK A6000R suffers from a command injection vulnerability, which originates from the devname parameter of the resetwifi function,...

CVSS 6.3 | AI score 6.8 | EPSS 0.00675
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

Linksys E7350 vif_disable Command Injection Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vifdisable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...

CVSS 8 | AI score 7.5 | EPSS 0.01174
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•7 views

Huawei HarmonyOS Device Node Access Module Memory Misreference Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS device node access module, which can be exploited by an attacker to cause a device service...

CVSS 7.5 | AI score 6.7 | EPSS 0.00148
Exploits: 0 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•8 views

TOTOLINK A6000R action_reboot command injection vulnerability

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the opmode parameter in the TOTOLINK A6000R actionreboot function, which can be...

CVSS 5.1 | AI score 7.6 | EPSS 0.0074
Exploits: 1 | References: 1

CNVD
•added 2025/01/13 12:0 a.m.•11 views

Huawei HarmonyOS HUKS Module Incorrect Memory Address Protection Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An incorrect memory address protection vulnerability exists in the Huawei HarmonyOS HUKS module, which can be exploited by an attacker to cause availability ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00193
Exploits: 0 | References: 1

CNVD
•added 2025/01/10 12:0 a.m.•6 views

Command Execution Vulnerability in Internet Behavior Management of Beijing Tianrongxin Technology Co.

Ltd. is an information security product and service solution provider. A command execution vulnerability exists in Beijing Tianrongxin Internet Behavior Management, which can be exploited by attackers to execute arbitrary commands...

AI score 7.8
Exploits: 0

CNVD
•added 2025/01/10 12:0 a.m.•6 views

Google Pixel has unspecified vulnerability (CNVD-2025-05535)

Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an unspecified vulnerability that stems from a lack of bounds checking in emmcrpmbioctl in emmcrpmb.c, which may allow information disclosure. No details of the vulnerability are provided at this time...

CVSS 6.5 | AI score 6.7 | EPSS 0.00087
Exploits: 0 | References: 1

CNVD
•added 2025/01/10 12:0 a.m.•7 views

Student Grading System SQL Injection Vulnerability (CNVD-2025-03172)

Student Grading System is a student grading system. A SQL injection vulnerability exists in Student Grading System version 1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of the file /viewstudents.php. An attacker can exploit this vulnerability ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00509
Exploits: 1 | References: 1

CNVD
•added 2025/01/10 12:0 a.m.•4 views

Command Execution Vulnerability in Internet Behavior Management System of Beijing Tianrongxin Technology Co.

Ltd. is an information security product and service solution provider. A command execution vulnerability exists in the Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd, which can be exploited by attackers to execute arbitrary commands...

AI score 7.8
Exploits: 0

Total number of security vulnerabilities: 130931