130931 matches found

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Tenda AC7 /goform/WifiMacFilterSet File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet that fails to correctly validate the length of the input data, and can be...

CVSS 9 | AI score 8.3 | EPSS 0.00722
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Tenda AC7 /goform/SetUpnpCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg that fails to correctly validate the length of the input data, and can be exploited by a...

CVSS 9 | AI score 8.3 | EPSS 0.00931
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Tenda AC7 /goform/setNotUpgrade File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter newVersion in the file /goform/setNotUpgrade that fails to correctly validate the length and size of the input data, and can b...

CVSS 9.8 | AI score 8.3 | EPSS 0.00786
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Huawei HarmonyOS Wi-Fi Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Wi-Fi module, which can be exploited by an attacker to compromise service confidentiality...

CVSS 5.5 | AI score 6.9 | EPSS 0.00087
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS device management module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module and can be exploited by an attacker to affect availability...

CVSS 6.2 | AI score 7.2 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 8 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24066)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

CVSS 5.5 | AI score 6.6 | EPSS 0.001
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS Camera app privilege authentication bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege authentication bypass vulnerability exists in the Huawei HarmonyOS Camera app, which can be exploited by an attacker to compromise service...

CVSS 5.5 | AI score 7.1 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24064)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

CVSS 5.5 | AI score 6.6 | EPSS 0.0008
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS print module exception mishandling vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An exception mishandling vulnerability exists in the Huawei HarmonyOS print module, which can be exploited by attackers to affect availability...

CVSS 5.5 | AI score 6.8 | EPSS 0.0008
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS camera module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to compromise service confidentiality...

CVSS 5.5 | AI score 6.9 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Huawei HarmonyOS Gallery Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Gallery module, which can be exploited by an attacker to compromise service confidentiality...

CVSS 6.2 | AI score 6.9 | EPSS 0.00086
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS Gallery app authentication bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS Gallery app, which can be exploited by an attacker to compromise service confidentialit...

CVSS 6.2 | AI score 7 | EPSS 0.00102
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS media module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS media module, which can be exploited by an attacker to compromise the confidentiality of a...

CVSS 5.5 | AI score 6.9 | EPSS 0.00083
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS development framework module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS development framework module, which can be exploited by attackers to affect availability...

CVSS 5.9 | AI score 7.2 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24058)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

CVSS 5.5 | AI score 6.6 | EPSS 0.001
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS office service memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS office service, which can be exploited by an attacker to compromise service confidentialit...

CVSS 7.8 | AI score 6.9 | EPSS 0.00091
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS device management module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module, which can be exploited by attackers to affect availability...

CVSS 6.2 | AI score 7.2 | EPSS 0.00084
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Huawei HarmonyOS storage management module memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS storage management module, which can be exploited by attackers to affect availability...

CVSS 8.4 | AI score 6.7 | EPSS 0.00088
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Huawei HarmonyOS package management module data handling error vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A data handling error vulnerability exists in the Huawei HarmonyOS package management module, which can be exploited by attackers to affect availability...

CVSS 7.3 | AI score 6.7 | EPSS 0.00082
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24049)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

CVSS 5.5 | AI score 6.6 | EPSS 0.001
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Simple Food Ordering System editcategory.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cname in the file editcategory.php. An attacker can exploit th...

CVSS 8.8 | AI score 8.3 | EPSS 0.00301
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Simple Food Ordering System /addproduct.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter Category in the file /addproduct.php. An attacker can use this...

CVSS 8.8 | AI score 8.3 | EPSS 0.00302
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Simple Food Ordering System /addcategory.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter cname in the file /addcategory.php. An attacker can use this...

CVSS 8.8 | AI score 8.3 | EPSS 0.00302
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Online Job Search Engine searchjob.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtspecialization in the file /searchjob.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.3 | EPSS 0.00379
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Online Job Search Engine postjob.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtjobID in the file /postjob.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.3 | EPSS 0.00379
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Online Complaint Site register-complaint.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /cms/users/register-complaint.php. An attacker can exploit this...

CVSS 8.8 | AI score 8.2 | EPSS 0.00343
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Online Complaint Site index.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /cms/users/index.php. An attacker can exploit this vulnerability...

CVSS 8.8 | AI score 8.2 | EPSS 0.00343
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Hospital Management System session function hard-coded key vulnerability

Hospital Management System is a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...

CVSS 8.1 | AI score 6.8 | EPSS 0.00468
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

E-Commerce Website delete_order_details.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in the file /pages/delete_order_details.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.3 | EPSS 0.00431
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Computer Laboratory System SQL Injection Vulnerability

Computer Laboratory System is a computer laboratory system. The Computer Laboratory System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the password field of the login page, which can be exploited by an attacker to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00424
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Client Details System update-profile.php File SQL Injection Vulnerability

Client Details System is a client information system. Client Details System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /admin/update-profile.php. An attacker can exploit this...

CVSS 8.8 | AI score 8.1 | EPSS 0.00325
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24046)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...

CVSS 7.1 | AI score 6.9 | EPSS 0.00229
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27558)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27561)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27562)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00429
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27559)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00429
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 5 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27563)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00429
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

Tenda W12 Buffer Overflow Vulnerability

The W12 is a high-performance wireless access point from Tenda, a Chinese company. A buffer overflow vulnerability exists in W12 version 3.0.0.6, which stems from the parameter mac of the wifiMacFilterSet function in the file /goform/modules of the HTTP Request Handler component, which fails to correctly...

CVSS 9.8 | AI score 8.3 | EPSS 0.07891
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP Qsync Central Unrestricted Resource Allocation Vulnerability (CNVD-2025-30288)

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage (NAS) devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

CVSS 7.1 | AI score 7 | EPSS 0.00332
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 5 views

ERPNext get_rfq_containing_supplier function SQL Injection Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the txt parameter of the get_rfq_containing_supplier function against externally entered SQL statements. An attacker can...

CVSS 8.2 | AI score 8.3 | EPSS 0.00298
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27739)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 8 views

Huawei HarmonyOS network module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS network module, which can be exploited by an attacker to compromise the confidentiality of a...

CVSS 5.9 | AI score 6.9 | EPSS 0.00086
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Tenda AC7 /goform/SetDDNSCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...

CVSS 9 | AI score 8.3 | EPSS 0.00927
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27745)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

Tenda AC7 /goform/fast_setting_pppoe_set file buffer overflow vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter Password in the file /goform/fast_setting_pppoe_set that fails to correctly validate the length and size of the input data, and c...

CVSS 9 | AI score 8.3 | EPSS 0.00719
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27738)

QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. for network-attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...

CVSS 5.1 | AI score 6.7 | EPSS 0.00348
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

WordPress Community Events plugin SQL Injection Vulnerability

The WordPress Community Events plugin is a plugin that allows users to publish event information independently through a website form, while administrators can retain the right to final review of calendar content. WordPress Community Events plugin suffers from a SQL injection vulnerability that...

CVSS 9.8 | AI score 7.7 | EPSS 0.00458
Exploits: 0 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 2 views

Simple Food Ordering System editproduct.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /editproduct.php. An attacker can exploit...

CVSS 8.8 | AI score 8.3 | EPSS 0.00343
Exploits: 1 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 3 views

ERPNext Cross-Site Scripting Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

CVSS 5.4 | AI score 6.1 | EPSS 0.00373
Exploits: 2 | References: 1

CNVD • added 2025/10/15 12:0 a.m. • 4 views

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the import_coa function's company parameter against externally entered SQL statements. An attacker can exploit this...

CVSS 6.5 | AI score 8.3 | EPSS 0.00238
Exploits: 1 | References: 1

Total number of security vulnerabilities: 130931