Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Fuji Electric V-SFT Out-of-Bounds Read Vulnerability

Fuji Electric V-SFT is a human-machine interface HMI configuration software developed by Fuji Electric FujiElectric, which is mainly used for touch-screen interface design, PDF document viewing, video playback, alarm message management and other functions in the field of industrial automation. Fu...

8.4CVSS7.4AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Tenda W12 Null Pointer Dereference Vulnerability

Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. A null pointer dereference vulnerability...

7.1CVSS7.1AI score0.00888EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27744)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

UTT 1250GW Buffer Overflow Vulnerability (CNVD-2026-00805)

The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Ltd. designed for SOHO Small Office/Home Office environments, focusing on wireless coverage and network management features. The UTT 1250GW suffers from a buffer overflow vulnerability, which originates from the parameter...

9CVSS8.2AI score0.00765EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Hospital Management System session function hard-coded key vulnerability

Hospital Management System a hospital management system. Hospital Management System has a hard-coded key vulnerability that arises from the incorrect manipulation of the secret parameter by the session function in the express-session component, for which no detailed vulnerability details are...

8.1CVSS6.8AI score0.00479EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

E-Commerce Website user_index_search.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /pages/userindexsearch.php. An attacker can exploit this vulnerability to...

9.8CVSS8.3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24042)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that stems from the misuse of the Generic Query Web Service, no details of the vulnerability are...

7.5CVSS6.9AI score0.00323EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24045)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access the date of current contract details using an...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Huawei HarmonyOS package management module data handling error vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A data handling error vulnerability exists in the Huawei HarmonyOS package management module, which can be exploited by attackers to affect availability...

7.3CVSS6.7AI score0.00084EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•7 views

Online Job Search Engine registration.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00391EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to GoogleDrive, Dropbox and other cloud storage services, but with the data stored in the...

8.8CVSS7.8AI score0.00394EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Client Details System update-profile.php File SQL Injection Vulnerability

Client Details System is a client information system. Client Details System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /admin/update-profile.php. An attacker can exploit this...

8.8CVSS8.1AI score0.00332EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Online Complaint Site register-complaint.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /cms/users/register-complaint.php. An attacker can exploit this...

8.8CVSS8.2AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP Qsync Central Unlimited Resource Allocation Vulnerability

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by attackers to cause a denial of service...

7.1CVSS6.8AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27738)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27561)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP QTS and QuTS hero formatting string error vulnerability

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

6.5CVSS6.7AI score0.00339EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27745)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27743)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27558)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27560)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

QNAP QTS and QuTS hero null pointer dereference vulnerability

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27741)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27737)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27563)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27566)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27564)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27562)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27559)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS print module exception mishandling vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An exception mishandling vulnerability exists in the Huawei HarmonyOS print module, which can be exploited by attackers to affect availability...

5.5CVSS6.8AI score0.00082EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the failure to properly filter the parameter lanIp in the file /goform/AdvSetLanip to construct command special characters, commands, etc...

8.8CVSS8.1AI score0.03741EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27565)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Courier Management System add-courier.php File SQL Injection Vulnerability

Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...

9.8CVSS8.3AI score0.00367EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Tenda AC7 /goform/WifiMacFilterSet File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet that fails to correctly validate the length of the input data, and can be...

9CVSS8.3AI score0.00739EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

WordPress Community Events plugin SQL Injection Vulnerability

The WordPress Community Events plugin is a plugin that allows users to publish event information independently through a website form, while administrators can retain the right to final review of calendar content. WordPress Community Events plugin suffers from a SQL injection vulnerability that...

9.8CVSS7.7AI score0.00468EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

WordPress Betheme plugin cross-site scripting vulnerability

WordPress Betheme plugin is a WordPress multipurpose theme that is mainly used to quickly build different types of websites such as corporate, blog, e-commerce and so on. WordPress Betheme plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and outp...

6.4CVSS6.2AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•9 views

Tenda AC7 /goform/saveAutoQos File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter enable in the file /goform/saveAutoQos that fails to correctly validate the length of the input data, and can be exploited by ...

9CVSS8.3AI score0.00736EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Computer Laboratory System SQL Injection Vulnerability

Computer Laboratory System is a computer laboratory system. The Computer Laboratory System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the password field of the login page, which can be exploited by an attacker to...

9.8CVSS8.2AI score0.00402EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP Qsync Central Uncontrolled Resource Consumption Vulnerability

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...

6.5CVSS6.8AI score0.00387EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

WordPress Postie Plugin Cross-Site Scripting Vulnerability

WordPress Postie Plugin is a plugin that is mainly used for publishing posts via email. WordPress Postie Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker...

4.8CVSS6.1AI score0.00168EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•7 views

Tenda AC7 /goform/setNotUpgrade File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter newVersion in the file /goform/setNotUpgrade that fails to correctly validate the length and size of the input data, and can b...

9.8CVSS8.3AI score0.00804EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-27801)

QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to GoogleDrive, Dropbox and other cloud storage services, but with the data stored in the...

8.8CVSS8.1AI score0.00394EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Tenda W12 Buffer Overflow Vulnerability

The W12 is a high-performance wireless access point from Tenda China. Ltd. W12 3.0.0.6 version of the existence of buffer overflow vulnerability, the vulnerability stems from the HTTP Request Handler component / goform/modules file wifiMacFilterSet function parameter mac failed to correctly...

9.8CVSS8.3AI score0.07891EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Tenda AC7 /goform/SetUpnpCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg that fails to correctly validate the length of the input data, and can be exploited by a...

9CVSS8.3AI score0.00952EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24048)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System, which arises from unvalidated input to the Description field in the Add Room function, no details of the vulnerability are...

4.1CVSS6.2AI score0.00229EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•7 views

E-Commerce Website product_add_qty.php file SQL injection vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

9.8CVSS8.3AI score0.00367EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

UTT HiPER 840G Buffer Overflow Vulnerability

The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...

9CVSS8.1AI score0.00894EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Huawei HarmonyOS camera module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS camera module, which can be exploited by an attacker to compromise service confidentiality...

5.5CVSS6.9AI score0.00086EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24043)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic employee details using an unauthorized internal...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
Total number of security vulnerabilities131179