Chat System deleteroom.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter id of the /admin/deleteroom.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02239)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...
Unspecified Vulnerability in Selesta Visual Access Manager (CNVD-2025-22661)
Selesta Visual Access Manager is a visual access manager from Selesta. A security vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to write arbitrary files by manipulating the POST parameter of the page common/vamSql.php...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-01701)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by attackers to potentially compromise availability...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22659)
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to perform SQL injection...
Information Leakage Vulnerability in Ruihu Group Control of Sichuan Ruihu Network Technology Co., Ltd.
Sichuan Ruihu Network Technology Co., Ltd. is an innovative technology service provider focusing on hospital Internet application platforms. An information leakage vulnerability exists in Ruihu site group control from Sichuan Ruihu Network Technology Co., Ltd.; attackers can use the vulnerability to obtain sensitiv...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02247)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI (Emotion UI) is an operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...
D-Link DIR-816 A2 /goform/form2IPQoSTcAdd Access Control Error Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2IPQoSTcAdd. An attacker can exploit this vulnerability to be able to set th...
IBM Concert Input Validation Error Vulnerability (CNVD-2025-02547)
IBM Concert is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. An input validation error vulnerability exists in IBM Concert versions 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3, which stems from incorrect log...
Selesta Visual Access Manager SQL Injection Vulnerability
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from a lack of validation of the GET parameter of /common/ajaxfunction.php against an externally entered SQL statement. An attacker can exploi...
Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22579)
Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that can be exploited by an attacker to perform SQL injection in multiple POST parameters of /var/vamanagraph.php...
Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2025-01605)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability. An attacker can exploit the vulnerability to execute an attack, which may lead to confidential information...
Huawei HarmonyOS Privilege Permission and Access Control Issues Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a cross-process page stacking vulnerability in UIExtension. An attacker could exploit t...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
Siemens SIMATIC S7-1200 CPU Cross-Site Request Forgery Vulnerability
SIMATIC S7-1200 CPU products are designed for discrete and continuous control in industrial environments such as global manufacturing, food and beverage, and the chemical industry. SIPLUS extreme products are designed to operate reliably under extreme conditions and are based on SIMATIC, LOGO!,...
Siemens Siveillance Video Camera Driver Information Disclosure Vulnerability
Siveillance Video (formerly known as Siveillance VMS) is a powerful IP video management software designed for deployments ranging from small and simple to large-scale and high-security. The Siveillance Video product portfolio consists of four editions: Siveillance Video Core, Core Plus,...
Siemens Mendix LDAP Injection Vulnerability
Mendix LDAP is a client-side implementation of the Lightweight Directory Access Protocol (LDAP) that allows your application to communicate with an LDAP server, such as the local Microsoft Active Directory (AD). An injection vulnerability exists in Siemens Mendix LDAP, which can be exploited by an...
Siemens Industrial Edge Management Cross-Site Scripting Vulnerability
Industrial Edge represents an open, ready-to-use edge computing platform consisting of edge devices, edge applications, edge connectivity, and application and device management infrastructure. A cross-site scripting vulnerability exists in Siemens Industrial Edge Management, which can be exploite...
Siemens SIPROTEC 5 Improper File Access Restriction Vulnerability
SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A File Access Improperly Restricted vulnerability exists in Siemens SIPROTEC 5. The vulnerability, which arises from the device not properly restricti...
TOTOLINK A6000R enable_wsh Command Injection Vulnerability
The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the modifyOne parameter in the TOTOLINK A6000R enable_wsh function, which can be...
Linksys E7350 reset_wifi command injection vulnerability
The Linksys E7350 is a wireless router device from Linksys. A security vulnerability exists in the handling of the devname parameter by the Linksys E7350 reset_wifi function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
Huawei HarmonyOS Findnetwork Module Command Validation Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A command authentication bypass vulnerability exists in the Huawei HarmonyOS Findnetwork module, which can be exploited by an attacker to submit a special...
Huawei HarmonyOS Connectivity Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Connectivity module, which can be exploited by an attacker to cause functionality anomalies...
Huawei HarmonyOS Window Management Module Incorrect Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An incorrect privilege control vulnerability exists in the Huawei HarmonyOS window management module, which can be exploited by an attacker to compromise...
Linksys E7350 apcli_wps_gen_pincode command injection vulnerability
The Linksys E7350 is a wireless router device from Linksys. A security vulnerability exists in the handling of the ifname parameter by the Linksys E7350 apcli_wps_gen_pincode function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...
Linksys E7350 apcli_do_enr_pin_wps Command Injection Vulnerability
The Linksys E7350 is a wireless router device from Linksys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apcli_do_enr_pin_wps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context t...
Huawei HarmonyOS Authentication Module Access Control Vulnerability
Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...
Cisco Crosswork Network Controller Cross-Site Scripting Vulnerability
Cisco Crosswork Network Controller is a network controller from Cisco USA. The Cisco Crosswork Network Controller suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive...
Huawei HarmonyOS Device Driver Module Buffer Overflow Vulnerability
Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. A buffer...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01386)
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01384)
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...
Permission Issue Vulnerabilities in Various Apple Products
macOS is a set of operating systems developed by Apple to run on the Macintosh family of computers. iPhone OS is an operating system developed by Apple for the iPhone and iPod touch. watchOS is a set of watch operating systems developed by Apple for use with the Apple Watch based on iOS. iPadOS i...
Linux kernel buffer overflow vulnerability (CNVD-2025-02550)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a buffer overflow vulnerability that can be exploited by attackers to cause EROFS data corruption...
Huawei HarmonyOS Account Module Elevation of Privilege Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a privilege escalation vulnerability in the Account module. An attacker could exploit t...
Unspecified Vulnerability in SonicWALL SonicOS (CNVD-2025-01660)
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWall SonicOS that stems from the presence of a server-side request forgery vulnerability. A remote attacker can exploit this vulnerability to...
Huawei HarmonyOS Distributed Notification Module Race Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS Distributed Notification Module, which can be exploited by an attacker to cause...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01385)
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...
Linksys E7350 vif_enable Command Injection Vulnerability
The Linksys E7350 is a wireless router device from Linksys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vif_enable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context ...
Linksys E7350 apcli_cancel_wps Command Injection Vulnerability
The Linksys E7350 is a wireless router device from Linksys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apcli_cancel_wps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
TOTOLINK A6000R action_passwd command injection vulnerability
The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding network experience. A security vulnerability exists in the TOTOLINK A6000R action_passwd function's handling of the newpasswd parameter, which can be exploite...
emlog /admin/article.php parameter IMAGE cross-site scripting vulnerability
emlog is a PHP and MySQL based CMS builder. A cross-site scripting vulnerability exists in the emlog /admin/article.php processing IMAGE, which can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions whe...
TOTOLINK A6000R reset_wifi command injection vulnerability
The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. TOTOLINK A6000R suffers from a command injection vulnerability, which originates from the devname parameter of the reset_wifi function,...
Linksys E7350 vif_disable Command Injection Vulnerability
The Linksys E7350 is a wireless router device from Linksys. An input validation vulnerability exists in the handling of the iface parameter by the Linksys E7350 vif_disable function, which can be exploited by a remote attacker to submit a special request that can be used in the application context...
Huawei HarmonyOS Device Node Access Module Memory Misreference Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS device node access module, which can be exploited by an attacker to cause a device service...
TOTOLINK A6000R action_reboot command injection vulnerability
The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the opmode parameter in the TOTOLINK A6000R action_reboot function, which can be...
Huawei HarmonyOS HUKS Module Incorrect Memory Address Protection Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An incorrect memory address protection vulnerability exists in the Huawei HarmonyOS HUKS module, which can be exploited by an attacker to cause availability ...
Command Execution Vulnerability in Internet Behavior Management of Beijing Tianrongxin Technology Co., Ltd.
Beijing Tianrongxin Technology Co., Ltd. is an information security product and service solution provider. A command execution vulnerability exists in Beijing Tianrongxin Internet Behavior Management, which can be exploited by attackers to execute arbitrary commands...
Google Pixel has unspecified vulnerability (CNVD-2025-05535)
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an unspecified vulnerability that stems from a lack of bounds checking in emmcrpmbioctl in emmcrpmb.c, which may allow information disclosure. No details of the vulnerability are provided at this time...
Student Grading System SQL Injection Vulnerability (CNVD-2025-03172)
Student Grading System is a student grading system. A SQL injection vulnerability exists in Student Grading System version 1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of the file /viewstudents.php. An attacker can exploit this vulnerability ...
Command Execution Vulnerability in Internet Behavior Management System of Beijing Tianrongxin Technology Co., Ltd.
Beijing Tianrongxin Technology Co., Ltd. is an information security product and service solution provider. A command execution vulnerability exists in the Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd., which can be exploited by attackers to execute arbitrary commands...