130931 matches found
TOTOLINK A702R /boafrm/formIpQoS File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the parameter mac in the file /boafrm/formIpQoS failing...
TOTOLINK A702R sub_4162DC function buffer overflow vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the failure of the parameter ip6addr of the function...
Tenda CP6 Encryption Issue Vulnerability
Tenda CP6 is a smart camera from Tenda, a Chinese company. Tenda CP6 version 11.10.00.243 suffers from a cryptographic issue vulnerability that stems from the use of a risky encryption algorithm in the function sub2B7D04 in the component uhttp. An attacker could exploit the vulnerability to cause...
Beauty Parlour Management System edit-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...
Beauty Parlour Management System contact-us.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...
DELL Alienware Command Center Link Following Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for the Alienware family of gaming PCs, monitors and peripherals, designed to optimize hardware performance, personalize settings and manage the system. A link following vulnerability exists in DELL Alienware Command Center, whi...
Unspecified Vulnerability in Akinsoft QR Menü
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...
Akinsoft QR Menü Open Redirect Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. An open redirection vulnerability exists in Akinsoft QR Menü versions prior to s1.05.05 to v1.05.12. The vulnerability stems from the system's failure to reasonably handle target jumps, which can be exploited by an attacker...
Akinsoft QR Menü Cross-Site Request Forgery Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.06 through v1.05.12 are vulnerable to a cross-site request forgery vulnerability that is caused by improper validation of user-supplied input. No detailed vulnerability details are...
Akinsoft QR Menü Cross-Site Scripting Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. A cross-site scripting vulnerability exists in Akinsoft QR Menü versions prior to s1.05.05 to v1.05.12; no detailed vulnerability details are available at this time...
Akinsoft QR Menü Security Bypass Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.07 to v1.05.12 contain a security bypass vulnerability that can be exploited by attackers to cause authentication bypass...
Akinsoft ProKuafor Cross-Site Scripting Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. A cross-site scripting vulnerability exists in Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08; no detailed vulnerability details are available at this time...
Akinsoft ProKuafor Security Bypass Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08 contain a security bypass vulnerability that can be exploited by attackers to cause a resource disclosure...
Akinsoft OctoCloud Cross-Site Scripting Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A cross-site scripting vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.01 through v1.11.01, no...
Akinsoft OctoCloud Security Bypass Vulnerability (CNVD-2025-20765)
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A security bypass vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.03 through v1.11.01, which can...
Akinsoft OctoCloud Security Bypass Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Akinsoft OctoCloud versions prior to s1.09.02 through v1.11.01 contain a security bypass vulnerability that can be...
Tenda CH22 /goform/SetSambaConf File Buffer Overflow Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda brand. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the parameter sambauserNameSda in file /goform/SetSambaConf that fails to correctly validate the length and size of the input data, which can be...
Tenda CH22 /goform/exeCommand File Buffer Overflow Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda brand. Tenda CH22 suffers from a buffer overflow vulnerability, which originates from the parameter cmdinput in the file /goform/exeCommand that fails to correctly validate the length and size of the input data, which can be exploited b...
Delta Electronics DIAView Security Bypass Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security bypass vulnerability exists in Delta Electronics DIAView, which can be exploited by attackers to cause authentication bypass...
User Management System admin/change-emailid.php File SQL Injection Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter uid in the file /admin/change-emailid.php against externally entered SQL statements. An attacker can exploit this...
Small CRM /registration.php File Cross-Site Scripting Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Username in the file /registration.php, which can be exploited by an attacker to...
Baidu.com Windows Client Remote Command Execution Vulnerability
BaiduNetdisk is a cloud-based platform that provides file storage, synchronization and sharing services. Users can store their personal files through BaiduNetdisk and can share files by linking or inviting others. BaiduNetdisk also provides a file synchronization feature that allows...
Google Android Information Disclosure Vulnerability (CNVD-2026-00039)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to cross-user image disclosure caused by a confused deputy in the showAvatarPicker of EditUserPhotoController.java. An attacker can exploit the...
Google Android elevation of privilege vulnerability (CNVD-2026-10642)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from a lack of privilege checking in the onLastAccessedStackLoaded function in ActionHandler.java, which can be exploited by an attacker to...
Google Android elevation of privilege vulnerability (CNVD-2026-00038)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a race condition in multiple functions of DevicePolicyManagerService.java. An attacker can exploit the vulnerability to gain elevate...
Apartment Management System e_all_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /edashboard/e_all_info.php. An attacker can exploit this...
Sports Management System resultdetails.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /Admin/resultdetails.php. An attacker can exploit this vulnerabili...
TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...
Beauty Parlour Management System add-customer-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
Google Android elevation of privilege vulnerability (CNVD-2026-00034)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
Apartment Management System /admin.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...
TOTOLINK A702R /boafrm/formFilter Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from an incorrect operation of the parameter ip6addr in the...
Sports Management System sporttype.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sporttype.php. An attacker can exploit this...
Google Android elevation of privilege vulnerability (CNVD-2026-00033)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...
Google Android elevation of privilege vulnerability (CNVD-2026-00036)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...
Google Android Denial of Service Vulnerability (CNVD-2026-00035)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability, which is caused due to a logic error in the code at multiple locations. An attacker can exploit the vulnerability to cause a denial of service...
Akinsoft OctoCloud Source Validation Error Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A source validation error vulnerability exists in versions prior to Akinsoft OctoCloud s1.09.01 through v1.11.01,...
QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27746)
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc., designed for network-attached storage devices and providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...
QNAP QTS and QuTS hero command injection vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc., designed for network-attached storage devices and providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...
WordPress Booster for WooCommerce Plugin File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Booster for WooCommerce Plugin that stems from a lack of file type validation in the addfilestoorder function, which can be...
QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20853)
QNAP Systems File Station 5 is a file management application from QNAP for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...
Online Event Judging System create_account.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /create_account.php. The vulnerability can be...
WordPress Login with phone number plugin missing authorization vulnerability
WordPress Login with phone number plugin is a plugin that implements login by cell phone verification code and supports the WordPress and WooCommerce platforms; users can be authenticated by cell phone SMS or WhatsApp. The WordPress Login with phone number plugin suffers from a lack of authorization...
QNAP QTS and QuTS hero buffer overflow vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc., designed for network-attached storage devices and providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...
QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20852)
QNAP Systems File Station 5 is a file management application from QNAP for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...
Human Resource Integrated System log_query.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /log_query.php. An attacker can exploit...
Human Resource Integrated System login.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter user/pass in the file /login.php. An attacker can...
Human Resource Integrated System login_query12.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /login_query12.php. An attacker can exploit...
Human Resource Integrated System login_timeee.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter empid in the file /login_timeee.php. An attacker can...
Simple Grading System edit_account.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /edit_account.php. An attacker can exploit this vulnerability to execute...