131179 matches found
Online Complaint Site index.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in file /cms/users/index.php. An attacker can exploit this vulnerability...
Huawei HarmonyOS Gallery app authentication bypass vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An authentication bypass vulnerability exists in the Huawei HarmonyOS Gallery app, which can be exploited by an attacker to compromise service confidentialit...
UTT 1250GW Buffer Overflow Vulnerability
The UTT 1250GW is an enterprise-grade wireless router from Atech Technology Ltd. designed for SOHO Small Office/Home Office environments, focusing on wireless coverage and network management features. The UTT 1250GW suffers from a buffer overflow vulnerability, which originates from the parameter...
Project Monitoring System useredit.php File SQL Injection Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...
Huawei HarmonyOS network module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS network module, which can be exploited by an attacker to compromise the confidentiality of a...
E-Banking System SQL Injection Vulnerability
E-Banking System is an electronic banking system. E-Banking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameters username/password in the file /register.php. An attacker can exploit this vulnerability ...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30290)
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...
QNAP Qsync Central Unrestricted Resource Allocation Vulnerability (CNVD-2025-30288)
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...
Juniper Networks Junos OS Evolved Operating System Command Injection Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved suffers from an operating system command injection vulnerability that stems from improper handling of special elements, which could be exploited by an attacker to cause an OS...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24046)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access calendar details using an unauthorized internal...
Huawei HarmonyOS Wi-Fi Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Wi-Fi module, which can be exploited by an attacker to compromise service confidentiality...
Online Complaint Site state.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter state in the file /cms/admin/state.php for externally entered SQL statements. An attacker can exploit this vulnerability...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27739)
QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24066)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
Huawei HarmonyOS media module privilege control vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS media module, which can be exploited by an attacker to compromise the confidentiality of a...
Huawei HarmonyOS Camera app privilege authentication bypass vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege authentication bypass vulnerability exists in the Huawei HarmonyOS Camera app, which can be exploited by an attacker to compromise service...
Huawei HarmonyOS print module exception mishandling vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An exception mishandling vulnerability exists in the Huawei HarmonyOS print module, which can be exploited by attackers to affect availability...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24050)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
Huawei HarmonyOS Denial of Service Leakage (CNVD-2025-24064) hole
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
Huawei HarmonyOS storage management module memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS storage management module, which can be exploited by attackers to affect availability...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24058)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
Huawei HarmonyOS office service memory misreference vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A memory misreference vulnerability exists in the Huawei HarmonyOS office service, which can be exploited by an attacker to compromise service confidentialit...
Huawei HarmonyOS device management module buffer overflow vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS device management module, which can be exploited by attackers to affect availability...
Huawei HarmonyOS Gallery Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS Gallery module, which can be exploited by an attacker to compromise service confidentiality...
WordPress Colibri Page Builder plugin cross-site scripting vulnerability
WordPress Colibri Page Builder plugin is a plugin for ColibriWP theme to add drag-and-drop page building functionality , through visual operations to achieve modular page design . The WordPress Colibri Page Builder plugin suffers from a cross-site scripting vulnerability that stems from a lack of...
WordPress CM Registration plugin open redirection vulnerability
WordPress CM Registration plugin is a WordPress plugin for optimizing the user login and registration experience, supporting AJAX login/registration page, invitation code registration, multi-user role assignment and other functions. The WordPress CM Registration plugin suffers from an open redire...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24041)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access basic contract details using an unauthorized internal...
ERPNEXT group_by parameter SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the orderby and groupby parameters against externally entered SQL statements. An attacker can exploit this vulnerability...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24047)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access permission lists using unauthorized internal identifie...
Tenda AC7 /goform/fast_setting_pppoe_set file buffer overflow vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter Password in the file /goform/fastsettingpppoeset that fails to correctly validate the length and size of the input data, and c...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27740)
QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
Bold Workplanner Insecure Direct Object Reference Vulnerability (CNVD-2025-24044)
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access plan counter details using an unauthorized internal...
Fuji Electric V-SFT Out-of-Bounds Write Vulnerability
Fuji Electric V-SFT is a human-machine interface HMI configuration software developed by FujiElectric in Japan, mainly used in industrial automation. Fuji Electric V-SFT suffers from an out-of-bounds write vulnerability that originates from the CItemExChange::WinFontDynStrCheck function failing t...
Huawei HarmonyOS development framework module buffer overflow vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS development framework module, which can be exploited by attackers to affect availability...
QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-30289)
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an unrestricted resource allocation vulnerability that can be exploited by an attacker to prevent other systems, applications, o...
Online Job Search Engine postjob.php File SQL Injection Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtjobID in the file /postjob.php. An attacker can exploit this...
Simple Food Ordering System editcategory.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cname in the file editcategory.php. An attacker can exploit th...
Bold Workplanner Insecure Direct Object Reference Vulnerability
Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. An insecure direct object reference vulnerability exists in Bold Workplanner versions prior to 2.5.25, which stems from a lack of sufficient validation of user input, and can be...
E-Commerce Website delete_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in the file /pages/deleteorderdetails.php. An attacker can exploit this...
Online Job Search Engine searchjob.php File SQL Injection Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter txtspecialization in the file /searchjob.php. An attacker can exploit this...
Simple Food Ordering System /addproduct.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter Category in the file /addproduct.php. An attacker can use this...
ERPNext Cross-Site Scripting Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A cross-site scripting vulnerability exists in ERPNext version v15.67.0, which stems from improper cleanup of content field inputs by the blog post feature and can be exploited by an attacker to cause a stored...
Online Complaint Site category.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /admin/category.php. An attacker can exploit this vulnerabilit...
ERPNext import_coa function SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...
Tenda AC7 /goform/SetDDNSCfg File Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-24049)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS, which can be exploited by attackers to affect availability...
Client Details System Cross-Site Scripting Vulnerability
Client Details System is a client information system. A cross-site scripting vulnerability exists in Client Details System that stems from malicious JavaScript code not being filtered in the username field, no details of the vulnerability are available at this time...
Simple Food Ordering System editproduct.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /editproduct.php. An attacker can exploit...
Simple Food Ordering System /addcategory.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter cname in the file /addcategory.php. An attacker can use this...
Huawei HarmonyOS sensor service buffer overflow vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A buffer overflow vulnerability exists in the Huawei HarmonyOS sensor service, which can be exploited by attackers to affect availability...