D-Link DI-500WF os Command Injection Vulnerability

The D-Link DI-500WF is a panel type wireless access point AP, mainly used to build wireless network coverage environment, supports 802.11n protocol with a theoretical maximum transmission rate of 150Mbps. The D-Link DI-500WF suffers from an os command injection vulnerability that stems from the...

D-Link DIR-816L /soap.cgi file os command injection vulnerability

The D-Link DIR-816L is a dual-band wireless router that supports 2.4GHz and 5GHz bands with a maximum transfer rate of 450Mbps. The D-Link DIR-816L suffers from an os command injection vulnerability that stems from the parameter service in the file /soap.cgi failing to correctly filter constructe...

Apartment Management System bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtBillType in the file /setting/billsetup.php. An attacker can exploi...

Apartment Management System employee_salary_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ddlEmpName in file /setting/employeesalarysetup.php. An attacker...

Apartment Management System member_type_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtMemberType in the file /setting/membertypesetup.php. An attack...

Apartment Management System r_all_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /tdashboard/rallinfo.php. An attacker can exploit this...

Apartment Management System rented_all_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter uid in the file /odashboard/rentedallinfo.php for externally entered SQL statements. An attacker can exploi...

Apartment Management System utility_bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27747)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

Simple Grading System delete_account.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /deleteaccount.php. An attacker can exploit this vulnerability to execute...

QNAP Qsync Central path traversal vulnerability (CNVD-2025-23640)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A path traversal vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to read unexpected file...

QNAP Systems File Station 5 Unlimited Resource Allocation Vulnerability

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. An unrestricted resource allocation vulnerability exists in QNAP Systems File Station 5,...

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20854)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

QNAP Systems File Station 5 Denial of Service Vulnerability

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A denial of service vulnerability exists in QNAP Systems File Station 5, which stems fro...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27748)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP Qsync Central Unlimited Resource Allocation Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. An unrestricted resource allocation vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27749)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

QNAP QTS and QuTS hero path traversal vulnerability (CNVD-2025-27802)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

Tenda CH22 /goform/IPSECsave File Buffer Overflow Vulnerability

Tenda CH22 is an enterprise-grade wireless router from Tenda brand. Tenda CH22 has a buffer overflow vulnerability, the vulnerability stems from the parameter ipsecno in the file /goform/IPSECsave fails to correctly validate the length of the input data size, an attacker can use this vulnerabilit...

QNAP Qsync Central Path Traversal Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A path traversal vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to read unexpected file...

QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23638)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...

QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23637)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...

QNAP Qsync Central Null Pointer Dereference Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a null pointer dereference vulnerability, which can be exploited by attackers to cause a...

QNAP Qsync Central Unlimited Resource Allocation Vulnerability (CNVD-2025-23623)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. An unrestricted resource allocation vulnerability exists in QNAP Qsync Central, which can be exploited by an attacker to...

QNAP Qsync Central Denial of Service Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A denial of service vulnerability exists in QNAP Qsync Central, which stems from uncontrolled resource consumption and can...

WordPress Ultimate Tag Warrior Importer plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Ultimate Tag Warrior Importer plugin suffers from a cross-site request forgery vulnerability that arises when a web application does not adequately validate that a...

WordPress TablePress Plugin Cross-Site Scripting Vulnerability

WordPress TablePress Plugin is a table plugin designed for WordPress that allows users to create, edit, and manage tables without programming, with support for multiple data types and interactive features. WordPress TablePress Plugin suffers from a cross-site scripting vulnerability that stems fr...

WordPress Solwin Blog Designer PRO plugin file inclusion vulnerability

WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...

WordPress Slider Revolution plugin path traversal vulnerability

WordPress Slider Revolution plugin is a powerful rotating slider plugin for the WordPress platform, providing a visual editor, rich preset templates and animation effects, supporting responsive design and multi-device compatibility. WordPress Slider Revolution plugin has a path traversal...

WordPress Related Posts Lite plugin cross-site request forgery vulnerability

WordPress Related Posts Lite plugin is a tag-based relevance of the article recommendation plugin, mainly used to improve the site content relevance and user browsing experience. A cross-site request forgery vulnerability exists in the WordPress Related Posts Lite plugin, which stems from missing...

WordPress Pro Bulk Watermark plugin path traversal vulnerability

WordPress Pro Bulk Watermark plugin is an image watermark plugin designed for WordPress websites, mainly used to add custom watermarks to uploaded images in bulk, supporting text and image watermark types. A path traversal vulnerability exists in WordPress Pro Bulk Watermark plugin, which can be...

WordPress OSM Map Widget for Elementor plugin cross-site scripting vulnerability

WordPress OSM Map Widget for Elementor plugin is an Elementor plugin based on OpenStreetMap that allows users to embed interactive maps in WordPress websites. The WordPress OSM Map Widget for Elementor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack...

WordPress Ocean Extra plugin cross-site scripting vulnerability

WordPress Ocean Extra plugin is a free plugin for the WordPress platform, designed for the OceanWP theme, aiming to enhance the website building experience by adding extra functionality and flexibility. A cross-site scripting vulnerability exists in the WordPress Ocean Extra plugin, which stems...

WordPress LWSCache plugin authorization issue vulnerability

WordPress LWSCache plugin is a caching plugin officially developed by WordPress, which is mainly used to optimize the loading speed of the website and improve SEO ranking. WordPress LWSCache plugin has an authorization issue vulnerability, the vulnerability stems from improper authorization of th...

WordPress List Subpages plugin cross-site scripting vulnerability

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

WordPress iATS Online Forms plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a temporal SQL injection in the parameter order, which can be exploited by an...

WordPress Events Addon for Elementor plugin cross-site scripting vulnerability

WordPress Events Addon for Elementor plugin is a plugin designed for Elementor page builder, mainly for creating event websites. The WordPress Events Addon for Elementor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

Tenda AC9 Hardcoding Vulnerability

Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20855)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20851)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20850)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

QNAP Systems File Station 5 Unlimited Resource Allocation Vulnerability (CNVD-2025-20848)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. An unrestricted resource allocation vulnerability exists in QNAP Systems File Station 5,...

IBM App Connect Enterprise Certified Container Log Information Disclosure Vulnerability

IBM App Connect Enterprise Certified Container is an image based on the IBM App Connect Enterprise software product from International Business Machines IBM. The package is provided as an executable file that can be deployed and run in a containerized environment. The IBM App Connect Enterprise...

Simple Grading System add_student_grade.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...

QNAP QTS and QuTS hero null pointer dereference vulnerability (CNVD-2025-27750)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

Online Course Registration admin/student-registration.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter studentname in the file /admin/student-registration.php. An...

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-23620)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...

QNAP QTS and QuTS hero path traversal vulnerability

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...