130931 matches found
QNAP QTS and QuTS hero formatting string error vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
Online Complaint Site state.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter state in the file /cms/admin/state.php for externally entered SQL statements. An attacker can exploit this vulnerability...
Fuji Electric V-SFT Out-of-Bounds Write Vulnerability
Fuji Electric V-SFT is a human-machine interface (HMI) configuration software developed by Fuji Electric in Japan, mainly used in industrial automation. Fuji Electric V-SFT suffers from an out-of-bounds write vulnerability that originates from the CItemExChange::WinFontDynStrCheck function failing t...
E-Commerce Website product_add_qty.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/product_add_qty.php. An attacker can exploit this vulnerability to execu...
Client Details System Cross-Site Scripting Vulnerability
Client Details System is a client information system. A cross-site scripting vulnerability exists in Client Details System that stems from malicious JavaScript code not being filtered in the username field. No details of the vulnerability are available at this time...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27737)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27565)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices (NAS), which ...
UTT 1250GW Buffer Overflow Vulnerability (CNVD-2026-00805)
The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Ltd. designed for SOHO (Small Office/Home Office) environments, focusing on wireless coverage and network management features. The UTT 1250GW suffers from a buffer overflow vulnerability, which originates from the parameter...
Huawei HarmonyOS print module exception mishandling vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An exception mishandling vulnerability exists in the Huawei HarmonyOS print module, which can be exploited by attackers to affect availability...
Tenda AC7 /goform/saveAutoQos File Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter enable in the file /goform/saveAutoQos that fails to correctly validate the length of the input data, and can be exploited by ...
E-Commerce Website edit_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/edit_order_details.php. An attacker can exploit this vulnerability to...
Tenda AC15 formsaveAutoQos function buffer overflow vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC15 version 15.03.05.18, which originates from the parameter enable in the file /goform/saveAutoQos that fails to correctly validate the length of the input data, and can be...
Belkin F9K1015 Command Injection Vulnerability
The Belkin F9K1015 is a WiFi signal extender. The Belkin F9K1015 suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter wanipaddr in the file /goform/formBSSetSitesurvey. An attacker can exploit this vulnerability to execute arbitrary commands on th...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
TOTOLINK X18 setEasyMeshAgentCfg Function Command Injection Vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...
WordPress Block For Mailchimp plugin server-side request forgery vulnerability
WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...
WordPress Chatwee plugin cross-site request forgery vulnerability
WordPress Chatwee plugin is a plugin for adding live chat functionality to your WordPress website with multi-language and internationalization support. The WordPress Chatwee plugin suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress Appy Pie Connect for WooCommerce plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Appy Pie Connect for WooCommerce plugin suffers from a missing authorization vulnerability that stems from a lack of authorization checks in the resetuserpassword...
Beauty Parlour Management System sales-reports-detail.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameters fromdate and todate in the file /admin/sales-reports-detail.php for externally entered SQL statement...
Beauty Parlour Management System search-invoices.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-invoices.php. An attacker can...
Beauty Parlour Management System new-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/new-appointment.php. An attacker can...
Tenda CH22 formWrlsafeset function stack buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. Tenda CH22 has a stack buffer overflow vulnerability, which originates from the parameter mitssidindex in the formWrlsafeset function in file /goform/AdvSetWrlsafeset that fails to correctly validate the length of the input data, which...
Tenda AC23 sscanf function buffer overflow vulnerability
Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11ac Wave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. Tenda...
Tenda AC18 wanMTU Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU parameter of the fromAdvSetMacMtuWan function failing to...
Tenda AC18 mac parameter stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the mac parameter in the fromAdvSetMacMtuWan function failing to properly valida...
Tenda AC18 cloneType Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the cloneType parameter in the fromAdvSetMacMtuWan function failing to correctly...
Tenda AC18 newVersion Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter newVersion in the file /goform/setNotUpgrade failing to correct...
Cyber Cafe Management System search.php file cross-site scripting vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /search.php, which can be...
Voting System voters_add.php File Upload Vulnerability
Voting System is an election system. Voting System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in file /admin/voters_add.php. An attacker can exploit this vulnerability to upload malicious files...
Student Crud Operation delete.php File SQL Injection Vulnerability
Student Crud Operation is a student information system. Student Crud Operation suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file delete.php. An attacker can exploit this vulnerability to execute...
Hostel Management System Clickjacking Vulnerability
Hostel Management System is a hostel management system. Hostel Management System is vulnerable to clickjacking, which occurs when the program does not adequately protect HTML iframes. No details of the vulnerability are available at this time...
Online Hotel Reservation System addgalleryexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System suffers from an arbitrary file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /admin/addgalleryexec.php. No details of the...
Tenda AC15 ddnsEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in th...
Tenda AC18 wifi_chkHz parameter stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter wifi_chkHz in the file /goform/WifiMacFilterSet failing to...
WordPress Community Events plugin SQL Injection Vulnerability
WordPress Community Events plugin is a plugin that allows users to submit events. Users can publish event information independently through the website form, while the administrator can retain the final right to review the calendar content. A SQL injection vulnerability exists in the WordPress...
Online Shopping Portal Project login.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /shopping/login.php. An attacker...
Online Course Registration /admin/edit-course.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter coursecode in the file /admin/edit-course.php. An attacker ca...
WordPress Blappsta Mobile App plugin SQL Injection Vulnerability
WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...
WordPress AffiliateWP plugin SQL Injection Vulnerability
WordPress AffiliateWP plugin is an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...
E-Commerce Website supplier_add.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplier_add.php. An attacker can exploit this vulnerability to...
Online Course Registration /admin/manage-students.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-students.php. An attacker can...
Simple Banking System transfermoney.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /transfermoney.php. An attacker can exploit this vulnerability to execute...
Simple Banking System removeuser.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /removeuser.php. An attacker can exploit this vulnerability to execute illeg...
Online Hotel Reservation System Arbitrary File Upload Vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /admin/addexec.php. No details of the vulnerability a...
E-Commerce Website product_add.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodname in the file /pages/product_add.php. An attacker can exploit this vulnerability to...
AndSoft e-TMS Path Traversal Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...
AndSoft e-TMS Encryption Issue Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...
AndSoft e-TMS SQL Injection Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the SessionID cookie parameter in file /inc/connect/CONNECTION.ASP. An attacker can us...
AndSoft e-TMS SQL Injection Vulnerability (CNVD-2025-23569)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...