131179 matches found
Online Event Judging System edit_judge.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter judgeid in the file /editjudge.php. An attacker can exploit this...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29084)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an elevation of privilege vulnerability that is caused by...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...
Online Event Judging System add_contestant.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fullname in the file /addcontestant.php. An attacker can exploi...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerability A command execution vulnerability exists due to...
Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)
Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...
Tenda O3 formAdvSetLanip function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 1.0.0.10 version exists a buffer overflow vulnerability, the vulnerability stems from the file /goform/AdvSetLanip function SetValue/GetValue parameter lanIp fails to correctly validate the length of the input data size, the...
DELL SupportAssist OS Recovery Information Disclosure Vulnerability
DELL SupportAssist OS Recovery is a standalone recovery tool pre-installed by Dell on some Windows 10/11 computers to diagnose hardware problems, repair the system, backup files or restore factory settings. DELL SupportAssist OS Recovery suffers from an information disclosure vulnerability that...
Client Details System welcome.php File SQL Injection Vulnerability
Client Details System is a client information system. Client Details System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file clientdetails/welcome.php. An attacker can exploit this...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27708)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27706)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27703)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient PROT parameter cleanup and escaping, which can be exploited by an attacker to steal a victim's...
Simple Food Ordering System addproduct.php File Upload Vulnerability
Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in the file /addproduct.php. No details of the vulnerability are available at this time...
Mozilla Firefox Code Execution Vulnerability (CNVD-2025-26886)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...
WordPress Plugin Activity Plus Reloaded for BuddyPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Activity Plus Reloaded for...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is due to improper privileg...
Tenda CH22 formRouteStatic function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in Tenda CH22 version 1.0.0.1, which originates from the parameter page in the file /goform/RouteStatic that fails to correctly validate the length and size of the input data, and can be exploited by an...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27637)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. A cross-site scripting vulnerability exists in IPFire that stems from the COUNTRYCODE parameter not being properly cleaned and encoded, which can be exploited by an attacker to...
Simple Food Ordering System editproduct.php file cross-site scripting vulnerability
Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters pname, category, and price in the file /editproduct.php,...
WordPress Plugin Publitio Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Publitio, which can be...
Tenda CH22 formSetIpBind Function Buffer Overflow Vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSetIpBind in the file /goform/SetIpBind that fails to correctly validate the length of the input data, and can be...
Online Event Judging System edit_contestant.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contestantid in the file /editcontestant.php. An attacker can...
Nero Social Networking Site acceptoffres.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /acceptoffres.php. An attacker can exploit this vulnerability t...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the creation of an undocument...
Tenda CH22 fromSafeUrlFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeUrlFilter in the file /goform/SafeUrlFilter fails to correctly validate the length of the input data, and can...
Simple Food Ordering System addproduct.php file cross-site scripting vulnerability
Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname/category/price in the file /addproduct.php, which c...
E-Commerce Website supplier_add.php file cross-site scripting vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplieradd.php, which can be exploite...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29091)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have a security vulnerability that stems from a dependency on a vulnerable third-par...
ZTE ZXMP M721 Private Key Disclosure Vulnerability
The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE, China. The ZTE ZXMP M721 suffers from a private key disclosure vulnerability, which originates from a low-privilege user being able to bypass authorization checks to view the device's communication private key, and...
Tenda O3 formsetDmzInfo function buffer overflow vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 version 1.0.0.10 has a buffer overflow vulnerability, the vulnerability stems from the function SetValue/GetValue parameter dmzIP in the file /goform/setDmzInfo fails to correctly validate the length and size of the input data,...
Dell Storage Manager Critical Function Missing Authentication Vulnerability
Dell Storage Manager is a centralized management tool for Dell storage products, used for daily management and monitoring of storage devices such as SC Series, PS Series, and others. Dell Storage Manager suffers from a Critical Function Missing Authentication vulnerability, no details of the...
D-Link DIR-823G Buffer Overflow Vulnerability (CNVD-2025-26157)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a buffer overflow vulnerability that stems from the FillMacCloneMac parameter failing to properly validate the length size of input data, which can be exploited by an attacker to cause a denial of...
TOTOLINK A3300R setScheduleCfg function stack buffer overflow vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter recHour of the setScheduleCfg function o...
TOTOLINK A3300R lang parameter buffer overflow vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter lang in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length of the...
IBM Concert Software Server-Side Request Forgery Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...
TOTOLINK A3300R setDdnsCfg function buffer overflow vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the failure of the function setDdnsCfg in the file...
Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...
Tenda CH22 fromP2pListFilter function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromP2pListFilter in the file /goform/P2pListFilter fails to correctly validate the length of the input data, and can...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)
IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
Tenda CH22 fromVirtualSer function buffer overflow vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromVirtualSer in the file /goform/VirtualSer that fails to correctly validate the length of the input data, and can ...
Nero Social Networking Site friendprofile.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendprofile.php. An attacker can exploit this...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29150)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have an information disclosure vulnerability that is caused by an error message...
ZTE MC889A Pro Denial of Service Vulnerability
The ZTE MC889A Pro is a router from China's ZTE Corporation ZTE. The ZTE MC889A Pro suffers from a denial of service vulnerability that originates from insufficient validation of the input parameters of the SMS service interface, which can be exploited by an attacker to cause a denial of service...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29089)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which arises from a malicious or...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...
FRRouting Denial of Service Vulnerability (CNVD-2026-10885)
FRRouting is FRRouting open source a network routing software suite running on a Unix-like platform . FRRouting has a denial of service vulnerability caused by NULL pointer dereference via the showvtyextlinklanadjsid function on ospfext.c, which can be exploited by an attacker to cause a denial o...
Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-26160)
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the parameter shareSpeed in the file /goform/WifiGuestSet that fails to correctly validate the length and size of the input data, and c...