131179 matches found
Google Android Logic Error Vulnerability (CNVD-2025-3146618)
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a logic error issue in Session.java, which can be exploited by an attacker to view images of other users on the...
Google Android Input Validation Malpractice Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Google Android Insecure Default Settings Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure default settings vulnerability that can be exploited by attackers to cause a local elevation of privilege...
Huawei HarmonyOS Improper Security Check Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from an Improper Security Check vulnerability that originates from a vulnerability in the improper standard security check in the card module, which can be exploited by a...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3056248)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper input validation, and can be exploited by an attacker to cause impact on...
Huawei HarmonyOS Competitive Conditions Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a competitive condition vulnerability, which originates from a competitive condition vulnerability in the audio module, and can be exploited by an attacker to affect...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-0013753)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-3113443)
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from the vulnerability of office service to denial of service attacks. An attacker could exploit this vulnerability ...
Student Management System /newcurriculm.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...
Online Ordering System user_contact.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /usercontact.php. The vulnerability can be exploited by a...
Huawei HarmonyOS Denial of Service Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from the vulnerability of office service to denial of service attacks. An attacker could exploit this vulnerability ...
Huawei HarmonyOS office service denial of service vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS office service, which can be exploited by an attacker to cause a denial of service...
Huawei HarmonyOS camera framework module multithreaded conditional contention vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS camera framework module, which can be exploited by attackers to cause an...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097005)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
WordPress Plugin MxChat Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MxChat, which stems from...
Employee Profile Management System Code Issue Vulnerability
Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...
Google Android Logic Error Vulnerability (CNVD-2025-3146717)
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a code logic error that can be exploited by an attacker to cause a local elevation of privilege...
D-Link DCS-930L Command Injection Vulnerability
D-Link DCS-930L is a network camera from China AUO D-Link. The D-Link DCS-930L suffers from a command injection vulnerability that stems from the failure to properly filter construct command special characters, commands, etc. in the parameter AdminID in the file /setSystemAdmin. An attacker can...
Huawei HarmonyOS Multi-threaded Competitive Condition Vulnerability
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei HarmonyOS suffers from a multi-threaded competitive condition vulnerability that can be...
Google Android Logic Error Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a code logic error, and no details of the vulnerability are provided at this time...
Currency Exchange System /edittrns.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...
UTT Progressive 520W Buffer Overflow Vulnerability (CNVD-2026-0079988)
The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that originates from the parameter timeRangeName in the fi...
FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...
WordPress Plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3096906)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Tenda Ax3 Buffer Overflow Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda Ax3 version v16.03.12.11, which stems from the iptvType parameter failing to properly validate the length and size of the input data, and can be exploited by ...
Employee Profile Management System print_personnel_report.php File SQL Injection Vulnerability
Employee Profile Management System is an employee profile management system. An SQL injection vulnerability exists in Employee Profile Management System, which stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /printpersonnelreport.php. An...
Simple Shopping Cart settings.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...
mall-swarm authorization issue vulnerability
mall-swarm is a microservice mall system. An authorization issue vulnerability exists in mall-swarm, which stems from incorrect manipulation of the parameter ids in the file /member/readHistory/delete, for which no detailed vulnerability details are provided at this time...
Google Android Competitive Conditions Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a competitive condition vulnerability that can be exploited by an attacker to cause bypassing of intent filters and local elevation of privilege...
Huawei HarmonyOS Competitive Conditions Vulnerability (CNVD-2026-00632)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A competitive condition vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to cause confidentiality to be compromised...
Huawei HarmonyOS camera framework module multi-threaded conditional contention vulnerability (CNVD-2026-00621)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS camera framework module, which can be exploited by an attacker to cause...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3055852)
Huawei HarmonyOS is an operating system. Provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from improper control of media library permissions, and can be exploited by an attacker to compromise service...
Google Android Missing Privilege Checking Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a missing privilege check vulnerability that can be exploited by attackers to cause a physical denial of service...
Google Android Permission Obfuscation Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege obfuscation vulnerability that originates from a privilege obfuscation issue in the SettingsSliceProvider.java file, which can be exploited by an...
Student Management System /edit_user.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097302)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Google Android Precondition Check Failure Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a pre-condition check failure vulnerability that can be exploited by an attacker to cause a remote elevation of privilege...
Google Android Privilege Bypass Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause activities to be launched from the background and local elevation of privilege...
Billing System password-recovery.php Endpoint SQL Injection Vulnerability
Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that stems from the username and mobileno parameters in the /admin/password-recovery.php endpoint not validating user input. An attacker can use this vulnerability to steal, tamper, or delete sensiti...
Billing System admin/index.php Endpoint SQL Injection Vulnerability
Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that originates when the username parameter in the admin/index.php endpoint is spliced directly into a back-end SQL query without validation. An attacker can exploit this vulnerability by submitting ...
Google Chrome Error Type Conversion Vulnerability
Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a mis-typed conversion vulnerability that originates from the presence of a mis-typed conversion in the loader, which can be exploited ...
Google Chrome Competitive Conditions Vulnerability
Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a competitive condition vulnerability that stems from the presence of a competitive condition in v8, which can be exploited by an...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Google Chrome Media Stream Post-Release Reuse Vulnerability (CNVD-2025-30385)
Google Chrome is a web browser developed by Google. Google Chrome Media Stream suffers from a post-release reuse vulnerability that originates from re-referencing or using freed memory, which can be exploited by remote attackers to crash an application...
Google Chrome Improperly Implemented Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a mal-implementation vulnerability that stems from a DevTools mal-implementation, which can be exploited by an attacker to sandbox escape by convincing a user to install a malicious extension, possibly using a...
Claude Code Code Execution Vulnerability
Claude Code is a smart endpoint programming assistant that understands code bases and helps improve development efficiency through natural language commands that perform routine tasks, interpret complex code, handle Git workflows, and more, allowing developers to complete coding operations with...
Google Chrome Reuse After Release Vulnerability
Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a post-release reuse vulnerability that stems from the reuse of digital credentials after release, which can be exploited by an attacke...
Advantech iView SQL Injection Vulnerability
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...
Google Chrome Type Obfuscation Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause a heap corruption attack...