Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Online Event Judging System edit_judge.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter judgeid in the file /editjudge.php. An attacker can exploit this...

8.8CVSS8.3AI score0.00301EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29084)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an elevation of privilege vulnerability that is caused by...

10CVSS7.1AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•7 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Online Event Judging System add_contestant.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fullname in the file /addcontestant.php. An attacker can exploi...

8.8CVSS7.1AI score0.00299EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Command Execution Vulnerability A command execution vulnerability exists due to...

10CVSS7.8AI score0.00496EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...

7.3CVSS7.7AI score0.00499EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Tenda O3 formAdvSetLanip function buffer overflow vulnerability

Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 1.0.0.10 version exists a buffer overflow vulnerability, the vulnerability stems from the file /goform/AdvSetLanip function SetValue/GetValue parameter lanIp fails to correctly validate the length of the input data size, the...

9.8CVSS8.3AI score0.00978EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

DELL SupportAssist OS Recovery Information Disclosure Vulnerability

DELL SupportAssist OS Recovery is a standalone recovery tool pre-installed by Dell on some Windows 10/11 computers to diagnose hardware problems, repair the system, backup files or restore factory settings. DELL SupportAssist OS Recovery suffers from an information disclosure vulnerability that...

5.5CVSS6.2AI score0.00099EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Client Details System welcome.php File SQL Injection Vulnerability

Client Details System is a client information system. Client Details System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file clientdetails/welcome.php. An attacker can exploit this...

8.8CVSS8AI score0.00343EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27708)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27706)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27703)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient PROT parameter cleanup and escaping, which can be exploited by an attacker to steal a victim's...

5.4CVSS6.6AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Simple Food Ordering System addproduct.php File Upload Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in the file /addproduct.php. No details of the vulnerability are available at this time...

9.8CVSS7.5AI score0.00479EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2025-26886)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that is caused by the use of a WebGPU internal release triggered by an infected child process. An attacker could exploit the vulnerability to...

9.8CVSS7.9AI score0.00308EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

WordPress Plugin Activity Plus Reloaded for BuddyPress Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Activity Plus Reloaded for...

6.5CVSS6AI score0.00186EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is due to improper privileg...

10CVSS6.6AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•7 views

Tenda CH22 formRouteStatic function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in Tenda CH22 version 1.0.0.1, which originates from the parameter page in the file /goform/RouteStatic that fails to correctly validate the length and size of the input data, and can be exploited by an...

9.8CVSS9.2AI score0.00935EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27637)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. A cross-site scripting vulnerability exists in IPFire that stems from the COUNTRYCODE parameter not being properly cleaned and encoded, which can be exploited by an attacker to...

5.4CVSS6.3AI score0.05013EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Simple Food Ordering System editproduct.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters pname, category, and price in the file /editproduct.php,...

6.1CVSS4.6AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

WordPress Plugin Publitio Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin Publitio, which can be...

7.5CVSS6AI score0.00244EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Tenda CH22 formSetIpBind Function Buffer Overflow Vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSetIpBind in the file /goform/SetIpBind that fails to correctly validate the length of the input data, and can be...

8.6CVSS8.4AI score0.04866EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Online Event Judging System edit_contestant.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contestantid in the file /editcontestant.php. An attacker can...

8.8CVSS7.1AI score0.00396EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Nero Social Networking Site acceptoffres.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /acceptoffres.php. An attacker can exploit this vulnerability t...

9.8CVSS7.9AI score0.00431EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29088)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the creation of an undocument...

10CVSS6.6AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Tenda CH22 fromSafeUrlFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeUrlFilter in the file /goform/SafeUrlFilter fails to correctly validate the length of the input data, and can...

9CVSS8.3AI score0.04384EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Simple Food Ordering System addproduct.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname/category/price in the file /addproduct.php, which c...

6.1CVSS4.6AI score0.00356EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

E-Commerce Website supplier_add.php file cross-site scripting vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplieradd.php, which can be exploite...

6.1CVSS6AI score0.00356EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29091)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have a security vulnerability that stems from a dependency on a vulnerable third-par...

10CVSS7AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•7 views

ZTE ZXMP M721 Private Key Disclosure Vulnerability

The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE, China. The ZTE ZXMP M721 suffers from a private key disclosure vulnerability, which originates from a low-privilege user being able to bypass authorization checks to view the device's communication private key, and...

7.7CVSS5.9AI score0.00311EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda O3 formsetDmzInfo function buffer overflow vulnerability

Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 version 1.0.0.10 has a buffer overflow vulnerability, the vulnerability stems from the function SetValue/GetValue parameter dmzIP in the file /goform/setDmzInfo fails to correctly validate the length and size of the input data,...

9.8CVSS8.4AI score0.00759EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Dell Storage Manager Critical Function Missing Authentication Vulnerability

Dell Storage Manager is a centralized management tool for Dell storage products, used for daily management and monitoring of storage devices such as SC Series, PS Series, and others. Dell Storage Manager suffers from a Critical Function Missing Authentication vulnerability, no details of the...

8.6CVSS6.9AI score0.00564EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

D-Link DIR-823G Buffer Overflow Vulnerability (CNVD-2025-26157)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a buffer overflow vulnerability that stems from the FillMacCloneMac parameter failing to properly validate the length size of input data, which can be exploited by an attacker to cause a denial of...

7.5CVSS7.5AI score0.00567EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

TOTOLINK A3300R setScheduleCfg function stack buffer overflow vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter recHour of the setScheduleCfg function o...

9CVSS9.1AI score0.0093EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

TOTOLINK A3300R lang parameter buffer overflow vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter lang in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length of the...

9CVSS9AI score0.00927EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

IBM Concert Software Server-Side Request Forgery Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. IBM Concert Software suffers from a server-side request forgery vulnerability th...

5.4CVSS7AI score0.0016EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

TOTOLINK A3300R setDdnsCfg function buffer overflow vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the failure of the function setDdnsCfg in the file...

9.8CVSS9.1AI score0.00753EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...

9CVSS9.1AI score0.00995EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda CH22 fromP2pListFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromP2pListFilter in the file /goform/P2pListFilter fails to correctly validate the length of the input data, and can...

9CVSS9.2AI score0.00646EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

6.4CVSS5.9AI score0.00163EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda CH22 fromVirtualSer function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromVirtualSer in the file /goform/VirtualSer that fails to correctly validate the length of the input data, and can ...

9.8CVSS8.4AI score0.00971EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Nero Social Networking Site friendprofile.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendprofile.php. An attacker can exploit this...

9.8CVSS7.8AI score0.00431EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29150)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 have an information disclosure vulnerability that is caused by an error message...

6.9CVSS6AI score0.00229EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

ZTE MC889A Pro Denial of Service Vulnerability

The ZTE MC889A Pro is a router from China's ZTE Corporation ZTE. The ZTE MC889A Pro suffers from a denial of service vulnerability that originates from insufficient validation of the input parameters of the SMS service interface, which can be exploited by an attacker to cause a denial of service...

5.3CVSS6.7AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29089)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which arises from a malicious or...

10CVSS6.8AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...

5.4CVSS6AI score0.00191EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•7 views

FRRouting Denial of Service Vulnerability (CNVD-2026-10885)

FRRouting is FRRouting open source a network routing software suite running on a Unix-like platform . FRRouting has a denial of service vulnerability caused by NULL pointer dereference via the showvtyextlinklanadjsid function on ospfext.c, which can be exploited by an attacker to cause a denial o...

7.5CVSS5.6AI score0.00582EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda AC6 Buffer Overflow Vulnerability (CNVD-2025-26160)

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the parameter shareSpeed in the file /goform/WifiGuestSet that fails to correctly validate the length and size of the input data, and c...

9CVSS8.2AI score0.00935EPSS
Exploits1References1
Total number of security vulnerabilities131179