Project Monitoring System Cross-Site Scripting Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a cross-site scripting vulnerability that stems from the /onlineJobSearchEngine/postjob.php file not adequately filtering the txtapplyto parameter. No details of the vulnerability are available at thi...
WordPress Plugin Permalink Manager Lite Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Permalink Manager Lite. T...
Tenda AC8 formSetServerConfig function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...
GNU Binutils bfd/elf-eh-frame.c File Heap Buffer Overflow Vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the bfdelfparseehframe function in the...
Portábilis i-Educar Authorization Issues Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. Portábilis i-Educar suffers from an authorization issue vulnerability, which can be exploited by an attacker to improperly authorize...
E-Commerce Website admin_account_update.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /pages/admin_account_update.php. An attacker can exploit this vulnerabili...
Hostel Management System mod_users/index.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/mod_users/index.php. An attacker can exploit this...
WordPress Plugin Acclectic Media Organizer Authorization Missing Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An authorization missing vulnerability exists in the WordPress plugin Acclectic Media Organizer...
WordPress Plugin AR For WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...
D-Link DIR-823X Command Execution Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command execution vulnerability that can be exploited by an attacker to cause code execution due to the setcassword settings interface not filtering special characters in the httpcasswd parameter...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23372)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter delvalue in the file /goform/deleteofflinedevice, which can be exploited by an attacker to cause a command injection...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23370)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that stems from a misuse of the parameter mac in the file /goform/setdevicename, which can be exploited by an attacker to cause remote command injection...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23369)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from the misuse of the parameter macList in the file /goform/setwifiblacklists, which can be exploited by an attacker to cause remote command...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23467)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which is a result of incorrect manipulation of the parameter port of the function sub412E7C in the file /goform/setswitchsettings, which can be exploited by an...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23367)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that can be exploited by an attacker to cause remote command execution...
Project Monitoring System login.php File SQL Injection Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /login.php. An attacker can exploit this...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function ucidel on the parameter delvalue in the file /goform/deleteprohibiting, which can be exploited by an...
WordPress plugin Authorsy cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Authorsy, which stems from...
WordPress Plugin AllInOne - Banner Rotator SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin AllInOne - Banner Rotator suffers from a SQL injection vulnerability, no detai...
WordPress Plugin aThemes Addons for Elementor Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin aThemes Addons for Elementor, n...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23371)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...
GNU Binutils elf_swap_shdr function buffer overflow vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the elf_swap_shdr function in the bfd/elfcode.h...
IBM Watsonx.data Log Information Disclosure Vulnerability
IBM Watsonx.data is an open data lake warehouse platform from International Business Machines (IBM). IBM Watsonx.data suffers from a log information disclosure vulnerability that stems from storing potentially sensitive information in log files, which can be exploited by an attacker to cause it to ...
Small CRM SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter email in the file /forgot-password.php. An attacker can exploit this vulnerability to...
Online Bidding System bidlist.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /administrator/bidlist.php. An attacker can exploit this vulnerability...
E-Commerce Website pages/admin_product_details.php file SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the pages/admin_product_details.php file that does not perform security filtering on the prodid parameter. An attacker can exploit this vulnerability by manipulating the...
Simple Scheduling System add.home.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that originates from not securely filtering the faculty parameter in the /add.home.php file. An attacker could exploit this vulnerability to obtain sensitive database...
IBM Storage TS4500 Library Cross-Site Request Forgery Vulnerability
IBM Storage TS4500 Library is a next-generation tape storage solution from IBM designed to help mid-sized and large enterprises meet the challenges of cloud storage, enabling high-density data storage and flexible scaling through LTO technology. The IBM Storage TS4500 Library suffers from a...
E-Commerce Website admin_index_search.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /pages/admin_index_search.php. An attacker can exploit this vulnerability t...
NVIDIA Megatron-LM ensemble_classifer script code injection vulnerability
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. A code injection vulnerability exists in the NVIDIA Megatron-LM ensemble_classifer script, which can be exploited by attackers to cause code execution,...
NVIDIA CUDA Toolkit Code Issue Vulnerability
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. A code issue vulnerability exists in NVIDIA CUDA Toolkit that stems from a null pointer dereference in cuobjdump, which can be exploited by an attacker to cause a...
NVIDIA CUDA Toolkit Heap Buffer Overflow Vulnerability (CNVD-2025-23251)
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. NVIDIA CUDA Toolkit suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution...
NVIDIA CUDA toolkit buffer overflow vulnerability (CNVD-2025-23248)
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. NVIDIA CUDA Toolkit suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a partial denial of service...
NVIDIA CUDA Toolkit Heap Buffer Overflow Vulnerability (CNVD-2025-23250)
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. NVIDIA CUDA Toolkit suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code execution...
NVIDIA CUDA toolkit input validation error vulnerability
NVIDIA CUDA Toolkit is a development software application for creating high-performance GPU-accelerated applications from NVIDIA. The NVIDIA CUDA Toolkit suffers from an input validation error vulnerability that could be exploited by an attacker to cause a denial of service...
Delta Electronics CNCSoft-G2 Stack Buffer Overflow Vulnerability
Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability that originates from improperly restricted memory buffer operations and can be exploited by an attacker to...
Cisco IOS XE Software Code Issue Vulnerability
Cisco IOS XE Software is a network operating system from the American company Cisco. Cisco IOS XE Software has a security vulnerability that can be exploited by attackers to cause a denial of service attack...
DELL BSAFE Micro Edition Suite Out-of-Bounds Write Vulnerability
DELL BSAFE Micro Edition Suite is an encryption development kit developed by Dell. DELL BSAFE Micro Edition Suite has an out-of-bounds write vulnerability that can be exploited by an attacker to cause a denial of service...
NVIDIA Megatron-LM Code Injection Vulnerability
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that stems from the possibility that the pretraingpt script may process malicious data,...
Unspecified Vulnerability in PyTorch (CNVD-2025-23278)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from mishandling when compiling models containing torch.Tensor.to_sparse and torch.Tensor.to_dense, which can be exploited by an attacker to cause a denial of service...
Unspecified Vulnerability in PyTorch (CNVD-2025-23286)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoullip decomposition function and the CPU implementation. No details of the vulnerability are provided at this time...
Unspecified Vulnerability in PyTorch (CNVD-2025-23280)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from the bitwise_right_shift function mishandling the boundary value of the OTHER parameter, which can be exploited by an attacker to cause an output error...
DELL Cloud Disaster Recovery OS Command Injection Vulnerability
DELL Cloud Disaster Recovery is a cloud disaster recovery solution provided by Dell Technologies. DELL Cloud Disaster Recovery suffers from an OS command injection vulnerability that stems from improper neutralization of special elements in OS commands, which can be exploited by an attacker to...
PyTorch Buffer Overflow Vulnerability (CNVD-2025-23287)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a buffer overflow vulnerability that stems from a boundary error in the PyTorch model compilation when handling untrusted input, which can be exploited by an attacker to cause a denial of service...
IBM Cognos Controller and IBM Controller Encryption Issues Vulnerabilities
IBM Cognos Controller is an enterprise financial consolidation and reporting software from IBM. A security vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.0.1 and IBM Controller versions 11.1.0 through 11.1.1, which stems from the use of a hard-coded encryption key to sig...
TOTOLINK X6000R Operating System Command Injection Vulnerability
The TOTOLINK X6000R is a wireless router from TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X6000R V9.4.0cu.1458B20250708 and prior versions, which stems from a failure to properly filter special elements in user input. An attacker can exploit this vulnerability...
NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-23255)
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that can be exploited by attackers to cause code injection, elevation of privilege,...
TOTOLINK N600R Null Pointer Dereference Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability that can be...
Delta Electronics CNCSoft-G2 Stack Buffer Overflow Vulnerability (CNVD-2025-22945)
Delta Electronics CNCSoft-G2 is a human-machine interface (HMI) software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability that originates from improperly restricted memory buffer operations and can be exploited by an attacker to...
Unspecified Vulnerability in PyTorch (CNVD-2025-23284)
PyTorch is a Python package open-sourced by PyTorch. PyTorch has a security vulnerability that stems from an assertion error in nn.Fold when using inductor. No details of the vulnerability are provided at this time...