131179 matches found
Cisco IOS XE Software Code Issue Vulnerability
Cisco IOS XE Software is a network operating system from the American company Cisco Cisco. Cisco IOS XE Software has a security vulnerability that can be exploited by attackers to cause a denial of service attack...
Unspecified Vulnerability in PyTorch (CNVD-2025-23280)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from the bitwiserightshift function mishandling the boundary value of the OTHER parameter, which can be exploited by an attacker to cause an output error...
Cisco IOS XE Software Cross-Site Scripting Vulnerability
Cisco IOS XE Software is a network operating system from the American company Cisco Cisco. A cross-site scripting vulnerability exists in Cisco IOS XE Software that originates from improper user input cleanup and can be exploited by an attacker to cause a reflective cross-site scripting attack...
Unspecified Vulnerability in PyTorch (CNVD-2025-23286)
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a security vulnerability that stems from an inconsistency between the bernoullip decomposition function and the CPU implementation, no details of the vulnerability are provided at this time...
IBM Cognos Controller and IBM Controller Encryption Issues Vulnerabilities
IBM Cognos Controller is an enterprise financial consolidation and reporting software from IBM. A security vulnerability exists in IBM Cognos Controller versions 11.0.0 through 11.0.1 and IBM Controller versions 11.1.0 through 11.1.1, which stems from the use of a hard-coded encryption key to sig...
NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-23255)
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that can be exploited by attackers to cause code injection, elevation of privilege,...
TOTOLINK N600R Null Pointer Dereference Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability that can be...
PyTorch Information Disclosure Vulnerability
PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from an information disclosure vulnerability that stems from FractionalMaxPool2d producing inconsistent results when using torch.compile, no details of the vulnerability are provided at this time...
Google Chrome Information Disclosure Vulnerability
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an information disclosure vulnerability that originates from the V8 presence of side channel...
IBM Watson Studio Cross-Site Scripting Vulnerability
IBM Watson Studio is a data science and machine learning platform from IBM, integrated into Cloud Pak for Data, for building, training and deploying AI models. A cross-site scripting vulnerability exists in IBM Watson Studio versions 4.0 through 5.2.0 that stems from not adequately filtering user...
Microsoft Edge Remote Code Execution Vulnerability (CNVD-2025-23074)
Microsoft Edge is a web browser developed by Microsoft based on the Chromium kernel. A remote code execution vulnerability exists in Microsoft Edge. The vulnerability arises because the browser fails to properly handle objects in memory and can be exploited by an attacker to remotely execute code...
Google Chrome Integer Overflow Vulnerability (CNVD-2025-22922)
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an integer overflow vulnerability that stems from the program's failure to properly handle numeri...
Apache IoTDB Resource Management Error Vulnerability
Apache IoTDB is a time-series database management system from the Apache Software Foundation, designed for storing and analyzing massive time-series data in IoT scenarios. Apache IoTDB suffers from a security vulnerability that originates from an unauthorized access flaw in a system component. An...
TOTOLINK X6000R OS Command Injection Vulnerability
TOTOLINK X6000R is a Wi-Fi 6 technology-enabled wireless router from China's Gion Electronics TOTOLINK, featuring high concurrent connections and dual-band transmission. The TOTOLINK X6000R suffers from an OS command injection vulnerability that stems from a failure to properly filter special...
Google Chrome Integer Overflow Vulnerability
Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from an integer overflow vulnerability that stems from the program failing to properly check for integ...
TOTOLINK X6000R Improper Input Validation Vulnerability
TOTOLINK X6000R is a Wi-Fi 6 technology-enabled wireless router from China's Gion Electronics TOTOLINK, featuring high concurrent connections and dual-band transmission. The TOTOLINK X6000R suffers from an improper input validation vulnerability that originates from the program's failure to...
Artifex Ghostscript pdf_write_cmap function stack buffer overflow vulnerability
Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. Artifex Ghostscript pdfwritecmap function has a stack buffer overflow vulnerability, there is no detailed...
Artifex Ghostscript ocr_begin_page function heap buffer overflow vulnerability
Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. A heap buffer overflow vulnerability exists in the Artifex Ghostscript ocrbeginpage function, which can be exploite...
E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/adminaccountdelete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...
WordPress Plugin CP Multi View Event Calendar Authorization Missing Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An authorization missing vulnerability exists in the WordPress plugin CP Multi View Event...
D-Link DI-7100G Buffer Overflow Vulnerability
D-Link DI-7100G is an Internet Behavior Management router for SMBs, supporting Gigabit network transfer rate some models are labeled as 100 Gigabit, equipped with 4 WAN interfaces and 1 LAN interface, built-in USB2.0 ports, and compliant with IEEE802.11n/g/b wireless standard and IEEE802.3 wired...
WordPress Plugin Accordion Missing Authorization Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress plugin Accordion, which can be...
UTT 1200GW Buffer Overflow Vulnerability (CNVD-2026-00811)
The UTT 1200GW is an enterprise-grade wireless router from Atech Technology UTT designed to meet the networking needs of small to medium-sized businesses or large space office environments. The UTT 1200GW suffers from a buffer overflow vulnerability that originates from the failure of the paramet...
Unspecified Vulnerability in WordPress Plugin Advanced Views
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Advanced Views, which can be exploited ...
Tenda AC23 SetPptpServerCfg File sscanf Function Buffer Overflow Vulnerability
Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11acWave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. Tenda...
Hostel Management System log_email Parameter SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter logemail in the file /justines/index.php. An attacker can exploit this...
WordPress Plugin Advance Portfolio Grid Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Advance Portfolio Grid has a cross-site scripting vulnerability that stems fro...
D-Link DI-7100G OS Command Injection Vulnerability
D-Link DI-7100G is an Internet Behavior Management router for SMBs, supporting Gigabit network transfer rate some models are labeled as 100 Gigabit, equipped with 4 WAN interfaces and 1 LAN interface, built-in USB2.0 ports, and compliant with IEEE802.11n/g/b wireless standard and IEEE802.3 wired...
Online Bidding System remove.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /administrator/remove.php. An attacker can exploit this vulnerability ...
Car Rental Project carrental/search.php file cross-site scripting vulnerability
Car Rental Project is a car rental program. Car Rental Project suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter autofocus in the file /carrental/search.php, which can be exploited by an attacker t...
UTT HiPER 840G Buffer Overflow Vulnerability (CNVD-2026-00808)
The UTT HiPER 840G is a full Gigabit Internet behavior management router from Atech UTT, which is aimed at small businesses, community networks, hotels, and other scenarios, providing high-speed network access and intelligent management features. The UTT HiPER 840G suffers from a buffer overflow...
Hostel Management System mod_comments/index.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modcomments/index.php. An attacker can use this...
Hostel Management System index.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modamenities/index.php. An attacker can exploit this...
Hostel Management System mod_roomtype/index.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modroomtype/index.php. An attacker can exploit this...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23469)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the /usr/sbin/goahead file. An attacker can exploit this vulnerability to execute arbitrary commands on the system...
TOTOLINK X6000R Improper Input Validation Vulnerability
TOTOLINK X6000R is a wireless router supporting Wi-Fi 6 technology from China's Gion Electronics TOTOLINK, focusing on high concurrent connections and dual-band transmission capabilities. The TOTOLINK X6000R suffers from an improper input validation vulnerability, which can be exploited by...
Online Bidding System wew.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /administrator/wew.php. An attacker can exploit this vulnerability to...
Flowise Cross-Site Scripting Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A cross-site scripting vulnerability exists in Flowise version 3.0.5, which originates from a CustomMCP node directly executing user-entered JavaScript code and can be exploited by an attacker to cause remote code...
Artifex Ghostscript pdfmark_coerce_dest function stack buffer overflow vulnerability
Artifex Ghostscript is the United States Artifex company's set of Adobe-based, PostScript and portable document format page description language and compiled into the free software. Artifex Ghostscript pdfmarkcoercedest function has a stack buffer overflow vulnerability, there is no detailed...
D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-23468)
D-Link DIR-513 is a wireless router product from China's AUO D-Link. The D-Link DIR-513 suffers from a buffer overflow vulnerability due to incorrect manipulation of the parameter webpage in the file /goform/formWPS, no details of the vulnerability are provided at this time...
Online Bidding System index.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator/index.php. An attacker can exploit this...
Online Bidding System bidupdate.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of file /administrator/bidupdate.php. An attacker can exploit this vulnerability t...
Unspecified Vulnerability in WordPress Plugin Academy LMS
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Academy LMS, which can be exploited by ...
Park Ticketing Management System normal-bwdates-reports-details.php file SQL injection vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter fromdate in the file normal-bwdates-reports-details.php. A...
Hostel Management System login.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter email in the file /justines/admin/login.php. An attacker can use this...
Hostel Management System Home Parameter SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Home in the file /justines/admin/modreports/index.php. An attacker can...
Tenda AC6 formSetIptv Function Command Injection Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from a command injection vulnerability that stems from the formSetIptv function not validating or cleaning up special characters when handlin...
Tenda AC6 Improper Input Validation Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from an improper input validation vulnerability that stems from improper handling of the funcname, funcpara1, and funcpara2 parameters in the...
Tenda AC20 strcpy function buffer overflow vulnerability
Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of startIp, a parameter in the strcpy function of the /goform/SetPptpServerCfg file in the HTTP POST request processing component, to correctly validate the length ...
D-Link DCS-935L Buffer Overflow Vulnerability
The D-Link DCS-935L is a router from China's AUO D-Link. A buffer overflow vulnerability exists in D-Link DCS-935L version 1.13.01 and earlier, which originates from the parameter HNAPAUTH/SOAPAction in file /HNAP1/ that fails to correctly validate the length and size of the input data, and can b...