Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Online Complaint Site index.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in file /cms/users/index.php. An attacker can exploit this vulnerability...

8.8CVSS8.2AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Huawei HarmonyOS Gallery app authentication bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS Gallery app, which can be exploited by an attacker to compromise service confidentialit...

6.2CVSS7AI score0.001EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

UTT 1250GW Buffer Overflow Vulnerability

The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Ltd. designed for SOHO Small Office/Home Office environments, focusing on wireless coverage and network management features. The UTT 1250GW suffers from a buffer overflow vulnerability, which originates from the parameter...

9CVSS8.2AI score0.00693EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Project Monitoring System useredit.php File SQL Injection Vulnerability

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•9 views

Huawei HarmonyOS network module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS network module, which can be exploited by an attacker to compromise the confidentiality of a...

5.9CVSS6.9AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

E-Banking System SQL Injection Vulnerability

E-Banking System is an electronic banking system. E-Banking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /register.php. An attacker can exploit this vulnerability ...

9.8CVSS8.3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30290)

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

7.1CVSS7AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

QNAP Qsync Central Unrestricted Resource Allocation Vulnerability (CNVD-2025-30288)

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

7.1CVSS7AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•7 views

Juniper Networks Junos OS Evolved Operating System Command Injection Vulnerability

Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved suffers from an operating system command injection vulnerability that stems from improper handling of special elements, which could be exploited by an attacker to cause an OS...

5.3CVSS7.6AI score0.01015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24046)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Huawei HarmonyOS Wi-Fi Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Wi-Fi module, which can be exploited by an attacker to compromise service confidentiality...

5.5CVSS6.9AI score0.00089EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Online Complaint Site state.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter state in the file /cms/admin/state.php for externally entered SQL statements. An attacker can exploit this vulnerability...

8.8CVSS8.2AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27739)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•8 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24066)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

5.5CVSS6.6AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Huawei HarmonyOS media module privilege control vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS media module, which can be exploited by an attacker to compromise the confidentiality of a...

5.5CVSS6.9AI score0.00085EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

Huawei HarmonyOS Camera app privilege authentication bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege authentication bypass vulnerability exists in the Huawei HarmonyOS Camera app, which can be exploited by an attacker to compromise service...

5.5CVSS7.1AI score0.00086EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS print module exception mishandling vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An exception mishandling vulnerability exists in the Huawei HarmonyOS print module, which can be exploited by attackers to affect availability...

5.9CVSS6.8AI score0.00084EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24050)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

5.5CVSS6.6AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Huawei HarmonyOS Denial of Service Leakage (CNVD-2025-24064) hole

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

5.5CVSS6.6AI score0.00082EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

Huawei HarmonyOS storage management module memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS storage management module, which can be exploited by attackers to affect availability...

8.4CVSS6.7AI score0.0009EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24058)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

5.5CVSS6.6AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

Huawei HarmonyOS office service memory misreference vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS office service, which can be exploited by an attacker to compromise service confidentialit...

7.8CVSS6.9AI score0.00093EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Huawei HarmonyOS device management module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module, which can be exploited by attackers to affect availability...

6.2CVSS7.2AI score0.00086EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS Gallery Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Gallery module, which can be exploited by an attacker to compromise service confidentiality...

6.2CVSS6.9AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

WordPress Colibri Page Builder plugin cross-site scripting vulnerability

WordPress Colibri Page Builder plugin is a plugin for ColibriWP theme to add drag-and-drop page building functionality , through visual operations to achieve modular page design . The WordPress Colibri Page Builder plugin suffers from a cross-site scripting vulnerability that stems from a lack of...

6.4CVSS6AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•2 views

WordPress CM Registration plugin open redirection vulnerability

WordPress CM Registration plugin is a WordPress plugin for optimizing the user login and registration experience, supporting AJAX login/registration page, invitation code registration, multi-user role assignment and other functions. The WordPress CM Registration plugin suffers from an open redire...

4.7CVSS7AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24041)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

ERPNEXT group_by parameter SQL Injection Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the orderby and groupby parameters against externally entered SQL statements. An attacker can exploit this vulnerability...

6.5CVSS8.3AI score0.00293EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24047)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access permission lists using unauthorized internal identifie...

7.1CVSS6.8AI score0.00294EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Tenda AC7 /goform/fast_setting_pppoe_set file buffer overflow vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter Password in the file /goform/fastsettingpppoeset that fails to correctly validate the length and size of the input data, and c...

9CVSS8.3AI score0.00736EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27740)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

5.1CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•7 views

Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24044)

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...

7.1CVSS6.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Fuji Electric V-SFT Out-of-Bounds Write Vulnerability

Fuji Electric V-SFT is a human-machine interface HMI configuration software developed by FujiElectric in Japan, mainly used in industrial automation. Fuji Electric V-SFT suffers from an out-of-bounds write vulnerability that originates from the CItemExChange::WinFontDynStrCheck function failing t...

8.4CVSS6.1AI score0.00168EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS development framework module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS development framework module, which can be exploited by attackers to affect availability...

5.9CVSS7.2AI score0.00086EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30289)

QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...

7.1CVSS6.9AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Online Job Search Engine postjob.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtjobID in the file /postjob.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Simple Food Ordering System editcategory.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cname in the file editcategory.php. An attacker can exploit th...

8.8CVSS8.3AI score0.00308EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Bold Workplanner Insecure Direct Object Reference Vulnerability

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. An insecure direct object reference vulnerability exists in Bold Workplanner versions prior to 2.5.25, which stems from a lack of sufficient validation of user input, and can be...

7.1CVSS6.8AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

E-Commerce Website delete_order_details.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in the file /pages/deleteorderdetails.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•8 views

Online Job Search Engine searchjob.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtspecialization in the file /searchjob.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Simple Food Ordering System /addproduct.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter Category in the file /addproduct.php. An attacker can use this...

8.8CVSS8.3AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

ERPNext Cross-Site Scripting Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...

5.4CVSS6.1AI score0.00382EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Online Complaint Site category.php File SQL Injection Vulnerability

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /admin/category.php. An attacker can exploit this vulnerabilit...

8.8CVSS8.2AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...

6.5CVSS8.3AI score0.00243EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Tenda AC7 /goform/SetDDNSCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...

9CVSS8.3AI score0.00948EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•6 views

Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24049)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...

5.5CVSS6.6AI score0.00102EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•8 views

Client Details System Cross-Site Scripting Vulnerability

Client Details System is a client information system. A cross-site scripting vulnerability exists in Client Details System that stems from malicious JavaScript code not being filtered in the username field, no details of the vulnerability are available at this time...

6.1CVSS6.3AI score0.00213EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•3 views

Simple Food Ordering System editproduct.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /editproduct.php. An attacker can exploit...

8.8CVSS8.3AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•5 views

Simple Food Ordering System /addcategory.php File SQL Injection Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter cname in the file /addcategory.php. An attacker can use this...

8.8CVSS8.3AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/15 12:0 a.m.•4 views

Huawei HarmonyOS sensor service buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS sensor service, which can be exploited by attackers to affect availability...

5.9CVSS7.2AI score0.00086EPSS
Exploits0References1
Total number of security vulnerabilities131179