
130931 matches found

CNVD
• added 2025/11/20 12:0 a.m. • 10 views

Apache OpenOffice Security Bypass Vulnerability (CNVD-2025-29166)

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by attackers to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00464
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

Binary Vulnerability in DH2100+ of Shenzhen Greenlink Technology Co.

The DH2100+ is a private cloud network storage appliance NAS for home and personal users. A binary vulnerability exists in the Shenzhen Greenlink DH2100+, which can be exploited by attackers to cause a denial of service...

AI score 5.9
Exploits: 0

CNVD
• added 2025/11/20 12:0 a.m. • 5 views

Fortinet FortiClientWindows Access Control Error Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An Access Control Error vulnerabili...

CVSS 7.8 | AI score 7 | EPSS 0.00142
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

Small CRM manage-tickets.php file SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the frmid and aremark parameters of manage-tickets.php. An attacker can exploit this vulnerability to execu...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Web-Based Internet Laboratory Management System /settings/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /settings/controller.php. An attacker...

CVSS 9.8 | AI score 8.2 | EPSS 0.00339
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 4 views

Web-Based Internet Laboratory Management System controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. The Web-Based Internet Laboratory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file /course/controller.php. An attacker...

CVSS 9.8 | AI score 8.3 | EPSS 0.00339
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 4 views

Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00339
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

WordPress ArtiBot Free Chat Bot for WebSites plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ArtiBot Free Chat Bot for WebSites plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

CVSS 6.1 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 4 views

WordPress everviz plugin cross-site scripting vulnerability

WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.4 | AI score 6.1 | EPSS 0.00162
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

Online Shopping Portal search-result.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the product parameter of search-result.php. An attacker can exploit this vulnerability to execute...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Dell SmartFabric OS10 Software Code Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a code injection vulnerability that can be exploited by an attacker to cause code execution...

CVSS 6.7 | AI score 7.9 | EPSS 0.00152
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 4 views

Small CRM change-password.php File SQL Injection Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Web-Based Internet Laboratory Management System /enrollment/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /enrollment/controller.php. An attacke...

CVSS 9.8 | AI score 8.2 | EPSS 0.00363
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

Fortinet FortiExtender Buffer Overflow Vulnerability

Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet. The Fortinet FortiExtender suffers from a buffer overflow vulnerability that originates from buffer copying without checking the input size, which can be exploited by an attacker to cause an authenticated us...

CVSS 7.8 | AI score 8.1 | EPSS 0.00139
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

School Fees Payment Management System /ajax.php?action=save_student file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVSS 9.8 | AI score 6 | EPSS 0.00282
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 2 views

Complaint Management System between-date-userreport.php file SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the fromdate and todate parameters in between-date-userreport.php. An attacker can...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 4 views

Complaint Management System between-date-userreport.php file cross-site scripting vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the fromdate and todate parameters in between-date-userreport.php, whic...

CVSS 4.6 | AI score 6.3 | EPSS 0.00171
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 6 views

School Fees Payment Management System /ajax.php?action=save_course File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the parameter ID of the file...

CVSS 8.8 | AI score 6 | EPSS 0.0027
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that can be exploited by an attacker to cause code execution...

CVSS 8.8 | AI score 8.2 | EPSS 0.01062
Exploits: 0 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Online Shopping Portal my-cart.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the quantity parameter of my-cart.php, which can be exploited to execute arbitrary Web...

CVSS 5.4 | AI score 6.3 | EPSS 0.00192
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 6 views

School Fees Payment Management System /ajax.php File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

CVSS 8.8 | AI score 6 | EPSS 0.0027
Exploits: 1 | References: 1

CNVD
• added 2025/11/20 12:0 a.m. • 3 views

Complaint Management System reset-password.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/19 12:0 a.m. • 3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-891462)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits: 0

CNVD
• added 2025/11/18 12:0 a.m. • 8 views

D-Link DIR-823G Denial of Service Vulnerability

The D-Link DIR-823G is a wireless router from China's AUO D-Link. A security vulnerability exists in D-Link DIR-823G A1 v1.0.2B05, which originates from a null pointer dereference in the SetWLanRadioSettings function. An attacker can exploit this vulnerability to cause a DoS...

CVSS 7.5 | AI score 6.9 | EPSS 0.04624
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

D-Link DIR-823G Command Injection Vulnerability

The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a command injection vulnerability that stems from the failure of timelycheck and sysconf binari...

CVSS 5.4 | AI score 5.9 | EPSS 0.01298
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

Unspecified vulnerability in mall-swarm

mall-swarm is a microservice mall system. There is a security vulnerability in mall-swarm, which originates from the mishandling of the orderID parameter in the paySuccess function in the file /order/paySuccess, for which no detailed vulnerability details are available at this time...

CVSS 6.5 | AI score 5.5 | EPSS 0.00208
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

WordPress Survey Maker plugin missing license vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...

CVSS 6.5 | AI score 6.6 | EPSS 0.00208
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Simple Online Hotel Reservation System edit_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. The Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the /admin/editaccount.php file that does not securely filter the adminid parameter. An attacker can explo...

CVSS 9.8 | AI score 8.3 | EPSS 0.00339
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Google Chrome DevTools Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a DevTools mal-implementation vulnerability that can be exploited by an attacker to cause a sandbox escape...

CVSS 7.5 | AI score 6.9 | EPSS 0.00176
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

DELL Alienware Command Center No Action Response Error Condition Detection Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center suffers from a no action response error condition detection vulnerabilit...

CVSS 7.8 | AI score 7.6 | EPSS 0.00118
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29240)

Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 136.0.7103.59, which stems from a flaw in the security handling of the sandboxing mechanism. The vulnerability can be exploited by an attacker to achieve a sandbox escape via a...

CVSS 5.4 | AI score 6.8 | EPSS 0.00144
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

Student Information System register.php File SQL Injection Vulnerability

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from improper handling of user input in the /register.php file. No details of the vulnerability are available at this time...

CVSS 9.8 | AI score 7.6 | EPSS 0.0038
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 1 views

WordPress Plugin Comment Edit Core - Simple Comment Editing Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...

CVSS 5.3 | AI score 5.8 | EPSS 0.00256
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Rockwell Automation Arena Stack Buffer Overflow Vulnerability

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. Rockwell Automation Arena suffers from a stack buffer overflow vulnerability that originates when the program fails to properly validate the length and size of input data, which could be...

CVSS 7.3 | AI score 6.3 | EPSS 0.00133
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 2 views

Advantech TP-3250 Denial of Service Vulnerability

Advantech TP-3250 is a printer from Advantech, China. The Advantech TP-3250 suffers from a denial of service vulnerability due to a heap corruption flaw in DrvUIx64Advantech.dll when DocumentPropertiesW is called with a valid dmDriverExtra but outputs a buffer. An attacker can exploit this...

CVSS 6.8 | AI score 6 | EPSS 0.0018
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-879182)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits: 0

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

WordPress Frontend File Manager Plugin Missing Authorization Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A lack of authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...

CVSS 4.3 | AI score 6.4 | EPSS 0.00163
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

DELL Alienware Command Center Temporary File Insecurity Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center has a temporary file insecurity vulnerability that can be exploited by...

CVSS 6.6 | AI score 7 | EPSS 0.00099
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

Desktop Alert PingAlert Cross-Site Scripting Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.5 | AI score 6.2 | EPSS 0.00144
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

DELL Alienware Command Center Improper Access Control Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An improper access control vulnerability exists in DELL Alienware Command Center, which can be exploit...

CVSS 6.6 | AI score 7 | EPSS 0.00087
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2025-30949)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

CVSS 5.4 | AI score 8.3 | EPSS 0.01336
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

mall-swarm authorization issue vulnerability (CNVD-2026-10881)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from an improper authorization issue in the updateAttr function in the file /cart/update/attr. No detailed vulnerability details are available at this time...

CVSS 6.5 | AI score 5.5 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

mall-swarm authorization issue vulnerability (CNVD-2026-10877)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...

CVSS 5.5 | AI score 5.5 | EPSS 0.00265
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Apache OpenOffice External File Loading Vulnerability

Apache OpenOffice is an open source office software suite from the American Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...

CVSS 7.5 | AI score 7 | EPSS 0.01279
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

Apache OpenOffice Out-of-Bounds Write Vulnerability

Apache OpenOffice is an open source office software suite from the American Apache Foundation. Apache OpenOffice suffers from an out-of-bounds write vulnerability that originates from out-of-bounds writes to memory buffers, which can be exploited by a remote attacker to crash the program...

CVSS 4.3 | AI score 6.9 | EPSS 0.00432
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00024)

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...

CVSS 7.5 | AI score 7.9 | EPSS 0.01258
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 5 views

Student Record Management System login.php File SQL Injection Vulnerability

Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...

CVSS 6.5 | AI score 8.4 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29241)

Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in the Lens feature in Google Chrome prior to version 136.0.7103.59, which stems from an imperfect validation mechanism for QR codes. The vulnerability can be exploited by an attacker to conduct an interface...

CVSS 6.3 | AI score 6.5 | EPSS 0.00124
Exploits: 1 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 4 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29239)

Google Chrome is Google's web browser. A security vulnerability exists in Google Chrome versions prior to 134.0.6998.35, which stems from an inadequate validation mechanism for the web application installation process. The vulnerability can be exploited by an attacker to conduct an interface...

CVSS 4.3 | AI score 6.5 | EPSS 0.00163
Exploits: 0 | References: 1

CNVD
• added 2025/11/18 12:0 a.m. • 3 views

Google Chrome Buffer Overflow Vulnerability (CNVD-2025-29237)

Google Chrome is a web browser developed by Google. A security vulnerability exists in versions prior to Google Chrome 133.0.6943.141, which stems from the V8 engine mishandling malicious HTML pages. The vulnerability can be exploited by an attacker to trigger heap corruption via specially crafte...

CVSS 4.3 | AI score 8 | EPSS 0.00174
Exploits: 1 | References: 1

Total number of security vulnerabilities: 130931