Google Android Information Disclosure Vulnerability (CNVD-2025-24499)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a logic error in multiple locations. An attacker can exploit the vulnerability to potentially cause a local information leak...
Google Android Logic Error Vulnerability (CNVD-2025-26798)
Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from a logic error vulnerability that can be exploited by...
Google Android elevation of privilege vulnerability (CNVD-2025-30722)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code of multiple functions in RoleService.java, which can be exploited by an attacker to gain elevated privileges on the system...
Google Android elevation of privilege vulnerability (CNVD-2025-23046)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by background activity that may be initiated as a result of logic errors in multiple functions of LocationProviderManager.java. An attacker...
Google Android Denial of Service Vulnerability (CNVD-2025-28660)
Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by the way the setApplicationHiddenSettingsUser function in PackageManagerService.java hides system critical packages due to incorrect input...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2025-21256)
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. A cross-site scripting vulnerability exists in Cisco Webex Meetings that stems from insufficient validation of user input and can be exploited by an attacker to cause a cross-site scripting attack...
D-Link DI-8400 yyxz.asp File Stack Buffer Overflow Vulnerability
The D-Link DI-8400 is an enterprise-class Internet behavior management router from D-Link for medium to large enterprise network environments. The D-Link DI-8400 suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the parameter ID of the functi...
Apache DolphinScheduler Default Privilege Error Vulnerability
Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. Apache DolphinScheduler versions prior to 3.2.2 are affected by a default privilege error vulnerability. No details of the vulnerability are provided at this time...
Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...
Tenda AC8 formWifiBasicSet function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. A buffer overflow vulnerability exists in the Tenda AC8, which is caused by the formWifiBasicSet function failing to correctly...
Online Shopping Portal File Upload Vulnerability
Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...
Complaint Management System userprofile.php file cross-site scripting vulnerability
Complaint Management System is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System, which stems from a lack of effective filtering and escaping of user-supplied data in the fullname parameter of admin/userprofile.php, for which no detailed...
SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24710)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. An information disclosure vulnerability exists in SAMSUNG Notes, which can be exploited by an attacker to access exported notes files...
SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24709)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...
Complaint Management System in PHP subcategory.php file cross-site scripting vulnerability
Complaint Management System in PHP is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System in PHP, which stems from the lack of effective filtering and escaping of user-supplied data in the categoryName parameter of admin/subcategory.php, for...
Mobile Shop Management System AddNewProduct.php file code problem vulnerability
Mobile Shop Management System is a store management system. Mobile Shop Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter ProductImage in the file AddNewProduct.php. An attacker can exploit this vulnerability to upload...
Complaint Management System in PHP reset-password.php file SQL injection vulnerability
Complaint Management System in PHP is a complaint management system. Complaint Management System in PHP suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the mobileno parameter of user/reset-password.php. An attacker can...
Freescout deserialization vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the application's unsaf...
Unspecified Vulnerability in Akinsoft MyRezzta
Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources. No details of the vulnerability are provided at this time...
Akinsoft MyRezzta Authentication Bypass Vulnerability
Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta, which stems from improperly limiting authentication attempts and could lead to authentication bypass, password recovery exploitation, and brute-force breakin...
Travel Management System SQL Injection Vulnerability
Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /detail.php. An attacker can exploit this vulnerability to...
Doctor Appointment Management System Cross-Site Scripting Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, no details of the vulnerability...
Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability
Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...
Apache DolphinScheduler Code Execution Vulnerability
Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...
TOTOLINK N600R Command Injection Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...
Complaint Management System registration.php file SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements for the fullname, email, and contactno parameters in user/registration.php. An...
Akinsoft MyRezzta Authentication Bypass Vulnerability
Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta that stems from improperly limiting authentication attempts, and no detailed vulnerability details are available at this time...
Google Android elevation of privilege vulnerability (CNVD-2026-00037)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a clickjacking/overwriting attack in finishTransition of Transition.java. An attacker can exploit this vulnerability to gain elevated privileges on...
Google Android elevation of privilege vulnerability (CNVD-2026-10643)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a logic error vulnerability, which is caused by a code logic error in multiple functions. An attacker can exploit the vulnerability to cause a local elevation of privilege...
Tenda W12 Hardcoding Vulnerability
Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. The Tenda W12 suffers from a hard-coded...
Google Android elevation of privilege vulnerability (CNVD-2026-11740)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the handleKeyGestureEvent code of PhoneWindowManager.java, which can be exploited by an attacker to cause a local elevation of...
Google Android elevation of privilege vulnerability (CNVD-2026-11739)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in the setMediaButtonReceiver of multiple files. An attacker can exploit this vulnerability to cause a local elevation of...
Google Android elevation of privilege vulnerability (CNVD-2026-00032)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local escalation of privileges...
D-Link DIR-852 OS Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from an OS command injection vulnerability, which stems from the parameter service in the file soap.cgi...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27327)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to potentially cause information leakage...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27456)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause information leakage...
Foxit PDF Reader code issue vulnerability (CNVD-2025-27455)
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause a local elevation of privilege...
Google Android elevation of privilege vulnerability (CNVD-2026-00040)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by the use of InputDispatcher.cpp after KeyEventLockedInterrupt. An attacker can exploit the vulnerability to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2026-00031)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by intent redirection in multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the system...
Google Android elevation of privilege vulnerability (CNVD-2025-30730)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Google Android elevation of privilege vulnerability (CNVD-2025-30729)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a type confusion error in avdtmsgind of avdtmsg.cc. An attacker can exploit the vulnerability to gain elevated privileges on the system...
Google Android Information Disclosure Vulnerability (CNVD-2025-30731)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Sports Management System facilitator.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...
Sports Management System gametype.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/gametype.php. An attacker can exploit this...
Sports Management System mode.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...
Sports Management System tournament_details.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter ID in file /Admin/tournamentdetails.php. An attacker can exploit this vulnerability t...
Tenda AC20 Buffer Overflow Vulnerability
The Tenda AC20 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC20 version 16.03.08.05, which originates from the parameter wanMTU in the file /goform/fromAdvSetMacMtuWan that fails to correctly validate the length of the incoming data, and ca...
Beauty Parlour Management System signup.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...
IBM Concert Software Cross-Site Scripting Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...
TOTOLINK A702R /boafrm/formParentControl File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file...