130931 matches found
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27586)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
WordPress Document Library Lite plugin improper authorization vulnerability
WordPress Document Library Lite plugin is a WordPress plugin for creating document libraries and download management features with support for multiple file types and responsive layouts. The WordPress Document Library Lite plugin suffers from an improper authorization vulnerability that stems fro...
WordPress Flying Images plugin cross-site scripting vulnerability
WordPress Flying Images plugin is a WordPress plugin that is mainly used to optimize and delay loading images to improve page loading speed. WordPress Flying Images plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping ...
TOTOLINK LR350 sub_425400 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29078)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a lack of authentication. An...
Revive Adserver SQL Injection Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
WordPress Essential Addons for Elementor plugin Authorization Missing Vulnerability
WordPress Essential Addons for Elementor plugin is an extension plugin designed for Elementor page builder, offering over 80 advanced widgets and modules for creating professional web designs. The WordPress Essential Addons for Elementor plugin suffers from an Authorization Missing vulnerability...
WordPress FuseWP plugin unauthorized data modification vulnerability
WordPress FuseWP plugin is a WordPress plugin for creating and managing multilingual websites. WordPress FuseWP plugin suffers from an unauthorized modification of data vulnerability that stems from a lack of capability check in the savechanges function, which can be exploited by an attacker to a...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29072)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from an insufficient password...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27584)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
TOTOLINK A7000R urldecode function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports Wi-Fi 7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability that originates from the ssid5g parameter in the urldecode function...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Cross-Site Request Forgery Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a cross-site request forgery vulnerability that is caused by imprope...
AIxBlock Cross-Site Scripting Vulnerability
AIxBlock is an AI automation platform. A cross-site scripting vulnerability exists in AIxBlock version 04f305, which stems from a modeldesc field that does not validate input and can be exploited by an attacker to cause a stored cross-site scripting attack...
WordPress Ohio Extra plugin cross-site scripting vulnerability
WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27582)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
Remote Code Execution Vulnerability in U8 Cloud of UFIDA Network Technology Co.
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP solution. A remote code execution vulnerability exists in UFIDA U8 Cloud, which can be...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-778387)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
ZTE MC889A Pro Denial of Service Vulnerability
The ZTE MC889A Pro is a router from China's ZTE Corporation (ZTE). The ZTE MC889A Pro suffers from a denial of service vulnerability that originates from insufficient validation of the input parameters of the SMS service interface, which can be exploited by an attacker to cause a denial of service...
WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...
WordPress Plugin Atarim Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which originates...
WordPress Plugin Activity Plus Reloaded for BuddyPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Activity Plus Reloaded for...
Tenda O3 Buffer Overflow Vulnerability (CNVD-2025-26877)
Tenda O3 is an outdoor wireless bridge from Tenda, China. The Tenda O3 suffers from a buffer overflow vulnerability that stems from the parameter lan in the file /goform/setVlanConfig failing to properly validate the length of the input data, which can be exploited by an attacker to cause a stack...
WordPress Plugin ACF to REST API Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin ACF to REST API, which c...
ZTE ZXMP M721 Private Key Disclosure Vulnerability
The ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device from ZTE, China. The ZTE ZXMP M721 suffers from a private key disclosure vulnerability, which originates from a low-privilege user being able to bypass authorization checks to view the device's communication private key, and...
WordPress Plugin Publitio Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform can be used to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Publitio, which can be...
Tenda O3 formsetDmzInfo function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 version 1.0.0.10 has a buffer overflow vulnerability that stems from the dmzIP parameter of the SetValue/GetValue function in the file /goform/setDmzInfo failing to correctly validate the length and size of the input data,...
Tenda O3 formsetNetworkService function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. A buffer overflow vulnerability exists in Tenda O3 version 1.0.0.10, which stems from the upnpEn parameter of the SetValue/GetValue function in the file /goform/setNetworkService failing to correctly validate the length and size of the input data...
Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-26160)
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the parameter shareSpeed in the file /goform/WifiGuestSet that fails to correctly validate the length and size of the input data, and c...
Tenda O3 formAdvSetLanip function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. A buffer overflow vulnerability exists in Tenda O3 version 1.0.0.10, which stems from the lanIp parameter of the SetValue/GetValue function in the file /goform/AdvSetLanip failing to correctly validate the length and size of the input data, the...
Open5GS has an unspecified vulnerability (CNVD-2025-26159)
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of LTE/NR networks. Open5GS has a security vulnerability that can be exploited by attackers to cause a denial-of-service attack...
DELL SupportAssist OS Recovery Information Disclosure Vulnerability
DELL SupportAssist OS Recovery is a standalone recovery tool pre-installed by Dell on some Windows 10/11 computers to diagnose hardware problems, repair the system, backup files or restore factory settings. DELL SupportAssist OS Recovery suffers from an information disclosure vulnerability that...
Tenda CH22 formSetIpBind Function Buffer Overflow Vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSetIpBind in the file /goform/SetIpBind failing to correctly validate the length of the input data, and can be...
Tenda O3 Buffer Overflow Vulnerability (CNVD-2025-26876)
Tenda O3 is an outdoor wireless bridge from Tenda, China. The Tenda O3 suffers from a buffer overflow vulnerability that stems from the failure of the parameter enable of the SetValue/GetValue function in the file /goform/sysAutoReboot to correctly validate the length of the input data, which can...
Tenda O3 form/setDhcpConfig function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. A buffer overflow vulnerability exists in Tenda O3 version 1.0.0.10, which stems from the dhcpEn parameter of the SetValue/GetValue function in the file /goform/setDhcpConfig failing to correctly validate the length and size of the input data, t...
Tenda CH22 fromSafeUrlFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeUrlFilter in the file /goform/SafeUrlFilter failing to correctly validate the length of the input data, and can...
Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...
IBM QRadar SIEM Elevation of Privilege Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
IBM OpenPages Cross-Site Scripting Vulnerability
IBM OpenPages is an AI-powered, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM OpenPages versions 9.1 and 9.0, which stems from the application's lack of effective filtering and escaping of...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29086)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to a vulnerability when th...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29085)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of outdated and vulnerabl...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27645)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly sanitizing or encoding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...
Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation, USA. The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP), and other functions. An information disclosure vulnerability exists in...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is due to improper privileg...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29082)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by an uncaught exceptio...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29084)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an elevation of privilege vulnerability that is caused by...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29083)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27646)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient sanitizing and escaping of the pienumber parameter, which can be exploited by an attacker to injec...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly sanitized and encoded, which can be exploited by an attacker to inje...