Fortinet FortiVoice Operating System Command Injection Vulnerability
FortiVoice is Fortinet's all-in-one enterprise voice over IP communications system. A command injection vulnerability exists in the Fortinet FortiVoice operating system that stems from improper neutralization of specific elements. An attacker could exploit this vulnerability to construct a...
Fortinet FortiAnalyzer License Issues Vulnerability
FortiAnalyzer is Fortinet's centralized security analysis and reporting platform. A security vulnerability exists in FortiAnalyzer that stems from a flaw in the authentication mechanism for OFTP requests. An attacker can exploit this vulnerability to obtain device operational status information o...
Fortinet FortiOS Resource Management Error Vulnerability (CNVD-2025-24143)
FortiOS is Fortinet's network operating system that provides firewall, VPN and network security features. A security vulnerability exists in Fortinet FortiOS that stems from an API interface that does not validate return values. An attacker could use this vulnerability to trigger a null pointer...
Fortinet FortiOS Access Control Error Vulnerability (CNVD-2025-24145)
Fortinet FortiOS is a network operating system developed by Fortinet for use in its firewall and network security appliances. A security vulnerability exists in Fortinet FortiOS that stems from a flaw in the authorization mechanism. An attacker could exploit the vulnerability to access static fil...
Fortinet FortiAnalyzer Race Condition Vulnerability
FortiAnalyzer is Fortinet's centralized security log management and analysis platform. FortiAnalyzer suffers from a race condition vulnerability that stems from an improper synchronization mechanism for shared resources. An attacker can exploit this vulnerability to bypass the FortiCloud...
Fortinet FortiADC Information Disclosure Vulnerability
FortiADC is an application delivery controller from Fortinet designed to optimize application performance, provide load balancing and enhance security. FortiADC suffers from a security vulnerability that stems from the program's failure to provide adequate access control for sensitive data access...
Fortinet FortiPAM OS Command Injection Vulnerability (CNVD-2025-24146)
FortiPAM is Fortinet's privileged access management solution for centralized management of sensitive enterprise credentials. A security vulnerability exists in Fortinet FortiPAM that stems from an insufficiently strong authentication mechanism. An attacker could exploit the vulnerability to execu...
UTT HiPER 840G Buffer Overflow Vulnerability
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27743)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
E-Commerce Website user_index_search.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /pages/user_index_search.php. An attacker can exploit this vulnerability to...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24050)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
QNAP QTS and QuTS hero null pointer dereference vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27560)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27566)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
Huawei HarmonyOS sensor service buffer overflow vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS sensor service, which can be exploited by attackers to affect availability...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27564)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
Bold Workplanner Insecure Direct Object Reference Vulnerability
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. An insecure direct object reference vulnerability exists in Bold Workplanner versions prior to 2.5.25, which stems from a lack of sufficient validation of user input, and can be...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24043)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic employee details using an unauthorized internal...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24041)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24045)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24047)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access permission lists using unauthorized internal identifie...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24048)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24044)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by attackers to cause a denial of service...
WordPress CM Registration plugin open redirection vulnerability
WordPress CM Registration plugin is a WordPress plugin for optimizing the user login and registration experience, supporting AJAX login/registration page, invitation code registration, multi-user role assignment and other functions. The WordPress CM Registration plugin suffers from an open redire...
WordPress Colibri Page Builder plugin cross-site scripting vulnerability
WordPress Colibri Page Builder plugin is a plugin for the ColibriWP theme that adds drag-and-drop page building functionality, achieving modular page design through visual operations. The WordPress Colibri Page Builder plugin suffers from a cross-site scripting vulnerability that stems from a lack of...
WordPress Betheme plugin cross-site scripting vulnerability
WordPress Betheme plugin is a WordPress multipurpose theme that is mainly used to quickly build different types of websites such as corporate, blog, e-commerce and so on. WordPress Betheme plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and outp...
Fuji Electric V-SFT Out-of-Bounds Read Vulnerability
Fuji Electric V-SFT is human-machine interface (HMI) configuration software developed by Fuji Electric, which is mainly used for touch-screen interface design, PDF document viewing, video playback, alarm message management and other functions in the field of industrial automation. Fu...
WordPress Postie Plugin Cross-Site Scripting Vulnerability
WordPress Postie Plugin is a plugin that is mainly used for publishing posts via email. WordPress Postie Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker...
ERPNext filters.disabled parameter SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the filters.disabled parameter of the getincomeaccount function. An attacker can...
ERPNext group_by parameter SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the orderby and groupby parameters against externally entered SQL statements. An attacker can exploit this vulnerability...
UTT 1250GW Buffer Overflow Vulnerability
The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Ltd. designed for SOHO (Small Office/Home Office) environments, focusing on wireless coverage and network management features. The UTT 1250GW suffers from a buffer overflow vulnerability, which originates from the parameter...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30289)
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30290)
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...
QNAP Qsync Central Uncontrolled Resource Consumption Vulnerability
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...
E-Banking System SQL Injection Vulnerability
E-Banking System is an electronic banking system. E-Banking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /register.php. An attacker can exploit this vulnerability ...
Online Complaint Site category.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /admin/category.php. An attacker can exploit this vulnerabilit...
Online Job Search Engine registration.php File SQL Injection Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...
Project Monitoring System useredit.php File SQL Injection Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...
Courier Management System add-courier.php File SQL Injection Vulnerability
Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24042)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that stems from the misuse of the Generic Query Web Service, no details of the vulnerability are...
Juniper Networks Junos OS Evolved Operating System Command Injection Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved suffers from an operating system command injection vulnerability that stems from improper handling of special elements, which could be exploited by an attacker to cause an OS...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27740)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27741)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to Google Drive, Dropbox and other cloud storage services, but with the data stored in the...
QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-27801)
QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to Google Drive, Dropbox and other cloud storage services, but with the data stored in the...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27744)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage (NAS) devices, which ...
Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System, which arises from unvalidated input to the Description field in the Add Room function, no details of the vulnerability are...
Tenda W12 Null Pointer Dereference Vulnerability
Tenda W12 is a dual-band Gigabit wireless panelized access point (AP) from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE 802.11ac protocol and the Wave2 standard with 1167 Mbps dual-band concurrent rate. A null pointer dereference vulnerability...
Tenda AC7 Command Injection Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the failure to properly filter the parameter lanIp in the file /goform/AdvSetLanip to construct command special characters, commands, etc...