
130931 matches found

CNVD • added 2026/04/24 12:0 a.m. • 7 views

TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R stunMaxAlive Parameter OS Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3300R stunMaxAlive parameter, which originates from the cstecgi.cgi file failing to handle the stunMaxAlive parameter correctly, and can be...

CVSS 9.8 • AI score 6.1 • EPSS 0.00578 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 6 views

TOTOLINK A3300R user parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R user parameter, which originates from the failure of the user parameter in cstecgi.cgi to properly filter special characters, and can be exploited by an...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R provider parameter command injection vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R provider parameter, which can be exploited by an attacker to execute arbitrary commands by sending a malicious request to the parameter...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R week parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R week parameter, which originates from the week parameter of /cgi-bin/cstecgi.cgi in firmware v17.0.0cu.557B20221024 that fails to properly handle user input...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R password parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R password parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the password parameter of...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R ttlWay Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R ttlWay parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the ttlWay parameter of...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R pppoeServiceName Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R interval parameter command injection vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R interval parameter, which occurs when the /cgi-bin/cstecgi.cgi file fails to properly handle the interval parameter and can be exploited by an attacker ...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 3 views

TOTOLINK A3300R stunMinAlive Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunMinAlive parameter, which stems from a failure to properly handle the stunMinAlive parameter in cstecgi.cgi, and can be exploited by an attacker to...

CVSS 9.8 • AI score 6 • EPSS 0.00599 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 3 views

Microsoft Partner Center Access Control Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

CVSS 9.6 • AI score 5.4 • EPSS 0.00389 • Exploits 0

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R informEnable Parameter Command Injection Vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R informEnable parameter, which stems from the cstecgi.cgi file failing to properly validate the informEnable parameter and can be exploited by an attacke...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 6 views

ToToLink A3300R cstecgi.cgi url Parameter Command Injection Vulnerability

ToToLink A3300R is a router product that provides network connectivity and data transfer. The ToToLink A3300R suffers from a command injection vulnerability that stems from failing to properly validate the input of the url parameter of /cgi-bin/cstecgi.cgi, which can be exploited by an attacker t...

CVSS 6.5 • AI score 5.9 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 6 views

TOTOLINK A3300R stunPort Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunPort parameter, which originates from /cgi-bin/cstecgi.cgi failing to properly validate the stunPort parameter, and can be exploited by an attacker to...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R mode parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R mode parameter, which originates from /cgi-bin/cstecgi.cgi failing to properly filter the mode parameter, and can be exploited by an attacker to execute...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R dhcpMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R dhcpMtu parameter, which can be exploited by an attacker to execute arbitrary commands by sending a specially crafted request to /cgi-bin/cstecgi.cgi...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R stun_user parameter command injection vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stun_user parameter, which originates from the failure of the stun_user parameter in the cstecgi.cgi file to properly validate user input, and can be exploite...

CVSS 6.5 • AI score 6 • EPSS 0.00279 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 5 views

TOTOLINK A3300R stunEnable Parameter Command Injection Vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunEnable parameter, which stems from the cstecgi.cgi file failing to properly handle the stunEnable parameter and can be exploited by an attacker to...

CVSS 9.8 • AI score 6 • EPSS 0.00578 • Exploits 1

CNVD • added 2026/04/24 12:0 a.m. • 3 views

OpenClaw Remote Code Execution Vulnerability (CNVD-2026-18601)

OpenClaw is a software platform for device pairing and node management, with key features including device authentication, node-wide gateway control, and remote command execution. OpenClaw suffers from a remote code execution vulnerability that stems from a device pairing node failing to properly...

CVSS 8.8 • AI score 7 • EPSS 0.00544 • Exploits 0

CNVD • added 2026/04/24 12:0 a.m. • 4 views

TOTOLINK A3300R stunServerAddr Parameter OS Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3300R stunServerAddr parameter, which originates from the cstecgi.cgi file failing to properly validate the stunServerAddr parameter, which can ...

CVSS 9.8 • AI score 6 • EPSS 0.00578 • Exploits 1

CNVD • added 2026/04/23 12:0 a.m. • 7 views

Linux kernel local elevation of privilege vulnerability (CNVD-2026-19044)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A local elevation of privilege vulnerability exists in the Linux kernel, which stems from a flaw in the logic of the crypto: algif_aead module when handling AEAD operations, and...

CVSS 7.8 • AI score 6.2 • EPSS 0.94016 • Exploits 227

CNVD • added 2026/04/23 12:0 a.m. • 2 views

IBM Guardium Data Protection Web UI Cross-Site Scripting Vulnerability

IBM Guardium Data Protection is a data security and activity monitoring platform for database auditing, vulnerability assessment and compliance management. A cross-site scripting vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from the failure of the Web UI to proper...

CVSS 4.8 • AI score 5 • EPSS 0.00142 • Exploits 0

CNVD • added 2026/04/23 12:0 a.m. • 4 views

IBM Guardium Data Protection Directory Traversal Vulnerability

IBM Guardium Data Protection is a data security and compliance monitoring platform for database activity monitoring, vulnerability assessment and sensitive data discovery. A directory traversal vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from a failure to properl...

CVSS 4.9 • AI score 5.6 • EPSS 0.00348 • Exploits 0

CNVD • added 2026/04/23 12:0 a.m. • 2 views

IBM Verify Identity Access Container Weak Encryption Algorithm Vulnerability

IBM Verify Identity Access Container is an identity and access management solution for providing secure single sign-on and access control. A weak cryptographic algorithm vulnerability exists in IBM Verify Identity Access Container. The vulnerability stems from the product's use of a...

CVSS 6.5 • AI score 5.4 • EPSS 0.00145 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18427)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle for running multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

CVSS 7.5 • AI score 7.7 • EPSS 0.00106 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Server Optimizer Denial of Service Vulnerability (CNVD-2026-18578)

Oracle MySQL Server is an open source relational database management system for storing, managing and retrieving data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: Optimizer component to properly handle a specific request a...

CVSS 4.9 • AI score 7.4 • EPSS 0.00323 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Server Partition Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the Server:Partition component failing to properly handle a...

CVSS 4.9 • AI score 7.5 • EPSS 0.00299 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 2 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18573)

Oracle MySQL Shell is a command line tool for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an attacker to cause MySQL...

CVSS 5 • AI score 7.6 • EPSS 0.00153 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 4 views

Oracle VM VirtualBox Core Component Denial of Service Vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A denial of service vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a flaw in the Core component, which can be exploited by an attacker to...

CVSS 2.3 • AI score 7.7 • EPSS 0.0011 • Exploits 1

CNVD • added 2026/04/22 12:0 a.m. • 1 view

Oracle Solaris Kernel Denial of Service Vulnerability

Oracle Solaris is a Unix-like operating system developed by Oracle Corporation for use in server and enterprise-class computing environments. A denial of service vulnerability exists in Oracle Solaris. The vulnerability stems from a failure of a kernel component to properly handle certain...

CVSS 6.5 • AI score 7.7 • EPSS 0.00116 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 1 view

Oracle Fusion Middleware Dynamic Monitoring Service Cross-Site Scripting Vulnerability

Oracle Fusion Middleware is a suite of middleware products for building and deploying enterprise-class applications, integrations and business processes. A cross-site scripting vulnerability exists in the Dynamic Monitoring Service component of Oracle Fusion Middleware. The vulnerability stems fr...

CVSS 5.4 • AI score 7.4 • EPSS 0.00152 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Server GIS Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system with a GIS component that provides geospatial data processing capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the GIS component to properly handle a...

CVSS 4.9 • AI score 7.4 • EPSS 0.00299 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability (CNVD-2026-18426)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to create and run virtual machines on host operating systems. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory...

CVSS 7.5 • AI score 8.1 • EPSS 0.00106 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 6 views

Oracle Database Server Java VM Component Data Disclosure Vulnerability

Oracle Database Server is a relational database management system with a Java VM component that supports running Java programs in the database. A data disclosure vulnerability exists in Oracle Database Server. The vulnerability arises from a failure of the Java VM component to properly handle a...

CVSS 7.5 • AI score 7.8 • EPSS 0.00307 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 7 views

Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18425)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

CVSS 7.5 • AI score 7.7 • EPSS 0.00106 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18574)

Oracle MySQL Shell is a command line tool and advanced client for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an...

CVSS 5 • AI score 7.6 • EPSS 0.00153 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 7 views

Oracle VM VirtualBox Core Component Denial of Service Vulnerability (CNVD-2026-18569)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle that supports running multiple operating systems on a single host. A denial of service vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle RDP...

CVSS 7.5 • AI score 7.7 • EPSS 0.00253 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 4 views

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

CVSS 5 • AI score 7.9 • EPSS 0.00096 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 6 views

Oracle VM VirtualBox Core Component Elevation of Privilege Vulnerability (CNVD-2026-18539)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. An elevation of privilege vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle privilege...

CVSS 7.5 • AI score 7.7 • EPSS 0.00196 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 1 view

Oracle MySQL Server Optimizer Denial of Service Vulnerability (CNVD-2026-18428)

Oracle MySQL Server is an open source relational database management system for storing, managing and retrieving data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: Optimizer component to properly handle a specific request a...

CVSS 4.9 • AI score 7.4 • EPSS 0.00242 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Server DML Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system for storing, querying and managing data. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: DML component to properly handle a specific request and can b...

CVSS 4.9 • AI score 7.4 • EPSS 0.00242 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 5 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability (CNVD-2026-18430)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from a flaw in the...

CVSS 4.9 • AI score 7.4 • EPSS 0.00242 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 6 views

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability (CNVD-2026-18431)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from an internal...

CVSS 4.9 • AI score 7.4 • EPSS 0.00242 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 3 views

Oracle MySQL Server InnoDB Denial of Service Vulnerability (CNVD-2026-18432)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...

CVSS 4.9 • AI score 7.4 • EPSS 0.00242 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 24 views

Oracle MySQL Server JSON Component Denial of Service Vulnerability

Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: JSON component to properly handle...

CVSS 6.5 • AI score 7.4 • EPSS 0.00303 • Exploits 0

CNVD • added 2026/04/22 12:0 a.m. • 1 view

Oracle MySQL Server InnoDB Component Denial of Service Vulnerability (CNVD-2026-18576)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL Server. The vulnerability stems from a flaw in the...

CVSS 4.9 • AI score 7.4 • EPSS 0.00323 • Exploits 0

CNVD • added 2026/04/21 12:0 a.m. • 8 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20171)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...

CVSS 5.5 • AI score 5.8 • EPSS 0.0042 • Exploits 0

CNVD • added 2026/04/21 12:0 a.m. • 5 views

Microsoft Windows SSDP Elevation of Privilege Vulnerability

Microsoft Windows SSDP is a simple service discovery provider program from Microsoft USA. Microsoft Windows SSDP suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

CVSS 7 • AI score 5.8 • EPSS 0.00164 • Exploits 0

CNVD • added 2026/04/21 12:0 a.m. • 6 views

Microsoft Windows Shell Elevation of Privilege Vulnerability (CNVD-2026-20175)

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

CVSS 7 • AI score 5.8 • EPSS 0.00243 • Exploits 0

CNVD • added 2026/04/21 12:0 a.m. • 5 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2026-20173)

The Microsoft Windows Kernel is the kernel of the Windows operating system from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows Kernel, which can be exploited by attackers to obtain sensitive information...

CVSS 5.5 • AI score 5.8 • EPSS 0.00434 • Exploits 0

Total number of security vulnerabilities: 130931