Lucene search
+L

131179 matches found

CNVD
CNVD
added 2025/09/05 12:0 a.m.4 views

Complaint Management System SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...

6.5CVSS8.2AI score0.004EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.4 views

D-Link DI-8400 yyxz.asp File Stack Buffer Overflow Vulnerability

The D-Link DI-8400 is an enterprise-class Internet behavior management router from D-Link for medium to large enterprise network environments. The D-Link DI-8400 suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the parameter ID of the functi...

9CVSS7.7AI score0.01395EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.3 views

Apache DolphinScheduler Default Privilege Error Vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. Apache DolphinScheduler versions prior to 3.2.2 are vulnerable to a default privilege error vulnerability, no details of the vulnerability are provided at this time...

9.8CVSS6.9AI score0.00496EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.5 views

SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24710)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. An information disclosure vulnerability exists in SAMSUNG Notes, which can be exploited by an attacker to access exported notes files...

5CVSS6.3AI score0.00112EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.7 views

Akinsoft MyRezzta Authentication Bypass Vulnerability

Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta, which stems from improperly limiting authentication attempts and could lead to authentication bypass, password recovery exploitation, and brute-force breakin...

9.8CVSS7AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.2 views

Complaint Management System userprofile.php file cross-site scripting vulnerability

Complaint Management System is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System, which stems from a lack of effective filtering and escaping of user-supplied data in the fullname parameter of admin/userprofile.php, for which no detailed...

8.8CVSS6.2AI score0.00561EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.1 views

Complaint Management System in PHP reset-password.php file SQL injection vulnerability

Complaint Management System in PHP is a complaint management system. Complaint Management System in PHP suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the mobileno parameter of user/reset-password.php. An attacker can...

8.1CVSS8.3AI score0.0041EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.3 views

Doctor Appointment Management System Cross-Site Scripting Vulnerability

Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, no details of the vulnerability...

7.6CVSS6.1AI score0.00362EPSS
Exploits2References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.5 views

Online Shopping Portal File Upload Vulnerability

Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...

9.1CVSS7AI score0.00446EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.4 views

SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24709)

SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...

4.3CVSS6.3AI score0.00136EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.6 views

Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability

Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...

8.4CVSS7.8AI score0.00186EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.7 views

Tenda AC8 formWifiBasicSet function buffer overflow vulnerability

Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. A buffer overflow vulnerability exists in the Tenda AC8, which is caused by the formWifiBasicSet function failing to correctly...

7.5CVSS7.4AI score0.0037EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.5 views

Complaint Management System in PHP subcategory.php file cross-site scripting vulnerability

Complaint Management System in PHP is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System in PHP, which stems from the lack of effective filtering and escaping of user-supplied data in the categoryName parameter of admin/subcategory.php, for...

7.2CVSS6.3AI score0.00584EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.7 views

TOTOLINK N600R Command Injection Vulnerability

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...

9.8CVSS7.7AI score0.02997EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.7 views

Unspecified Vulnerability in Akinsoft MyRezzta

Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...

6.3CVSS7AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.10 views

Apache DolphinScheduler Code Execution Vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...

8.8CVSS8AI score0.00461EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.6 views

Freescout deserialization vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the application's unsaf...

8.8CVSS7.3AI score0.00668EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.6 views

Travel Management System SQL Injection Vulnerability

Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /detail.php. An attacker can exploit this vulnerability to...

9.8CVSS7.9AI score0.00409EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/05 12:0 a.m.5 views

Akinsoft MyRezzta Authentication Bypass Vulnerability

Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta that stems from improperly limiting authentication attempts, and no detailed vulnerability details are available at this time...

8.6CVSS7AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Sports Management System resultdetails.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /Admin/resultdetails.php. An attacker can exploit this vulnerabili...

9.8CVSS7.8AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

IBM Concert Software Cross-Site Scripting Vulnerability

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Foxit PDF Reader code issue vulnerability (CNVD-2025-27455)

Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause a local elevation of privilege...

7.8CVSS7.2AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

TOTOLINK A702R sub_4162DC function buffer overflow vulnerability

TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the failure of the parameter ip6addr of the function...

9CVSS9.1AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Google Android elevation of privilege vulnerability (CNVD-2026-00037)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a clickjacking/overwriting attack in finishTransition of Transition.java. An attacker can exploit this vulnerability to gain elevated privileges on...

7.3CVSS7.3AI score0.00077EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Google Android Denial of Service Vulnerability (CNVD-2026-00035)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability, which is caused due to a logic error in the code at multiple locations. An attacker can exploit the vulnerability to cause a denial of service...

5.5CVSS7AI score0.00077EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Google Android elevation of privilege vulnerability (CNVD-2026-00036)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...

7.8CVSS7.6AI score0.00093EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Tenda CP6 Encryption Issue Vulnerability

Tenda CP6 is a smart camera from Tenda, a Chinese company. Tenda CP6 version 11.10.00.243 suffers from a cryptographic issue vulnerability that stems from the use of a risky encryption algorithm in the function sub2B7D04 in the component uhttp. An attacker could exploit the vulnerability to cause...

6.3CVSS4.9AI score0.00315EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Sports Management System gametype.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/gametype.php. An attacker can exploit this...

9.8CVSS7AI score0.00323EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Sports Management System sporttype.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sporttype.php. An attacker can exploit this...

9.8CVSS8.4AI score0.00483EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

User Management System admin/change-emailid.php File SQL Injection Vulnerability

User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter uid in the file /admin/change-emailid.php against externally entered SQL statements. An attacker can exploit this...

8.8CVSS7AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Tenda CH22 /goform/SetSambaConf File Buffer Overflow Vulnerability

Tenda CH22 is an enterprise-grade wireless router from Tenda brand. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the parameter sambauserNameSda in file /goform/SetSambaConf that fails to correctly validate the length and size of the input data, which can be...

9CVSS9.1AI score0.00785EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

Google Android elevation of privilege vulnerability (CNVD-2026-11739)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in the setMediaButtonReceiver of multiple files. An attacker can exploit this vulnerability to cause a local elevation of...

7.8CVSS6AI score0.00086EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Sports Management System tournament_details.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter ID in file /Admin/tournamentdetails.php. An attacker can exploit this vulnerability t...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Google Android elevation of privilege vulnerability (CNVD-2026-00040)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by the use of InputDispatcher.cpp after KeyEventLockedInterrupt. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS7.2AI score0.00082EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

TOTOLINK A702R /boafrm/formIpQoS File Buffer Overflow Vulnerability

TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the parameter mac in the file /boafrm/formIpQoS failing...

9CVSS9.1AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Small CRM /registration.php File Cross-Site Scripting Vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Username in the file /registration.php, which can be exploited by an attacker to...

5.4CVSS4.7AI score0.00256EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Google Android elevation of privilege vulnerability (CNVD-2026-00032)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local escalation of privileges...

7.8CVSS7.1AI score0.00083EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Akinsoft OctoCloud Cross-Site Scripting Vulnerability

Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Cross-site scripting vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.01 through v1.11.01, no...

4.3CVSS6.5AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Google Android Information Disclosure Vulnerability (CNVD-2025-30731)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.5CVSS6.2AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Beauty Parlour Management System edit-services.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Beauty Parlour Management System contact-us.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...

9.8CVSS7.9AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Akinsoft QR Menü Cross-Site Request Forgery Vulnerability

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.06 through v1.05.12 are vulnerable to a cross-site request forgery vulnerability that is caused by improper validation of user-supplied input. No detailed vulnerability details are...

8.6CVSS7AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Baidu.com Windows Client Remote Command Execution Vulnerability

BaiduNetdisk BaiduNetdisk is a cloud-based platform that provides file storage, synchronization and sharing services. Users can store their personal files through BaiduNetdisk and can share files by linking or inviting others. BaiduNetdisk also provides a file synchronization feature that allows...

7.5AI score
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Google Android elevation of privilege vulnerability (CNVD-2026-11740)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the handleKeyGestureEvent code of PhoneWindowManager.java, which can be exploited by an attacker to cause a local elevation of...

7.8CVSS6AI score0.00087EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Sports Management System facilitator.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...

9.8CVSS7.9AI score0.0055EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

D-Link DIR-852 os Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from an os command injection vulnerability, which stems from the parameter service in the file soap.cgi...

9.8CVSS7.7AI score0.15815EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Delta Electronics DIAView Security Bypass Vulnerability

Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security bypass vulnerability exists in Delta Electronics DIAView, which can be exploited by attackers to cause authentication bypass...

5.8CVSS7.1AI score0.00191EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Tenda CH22 /goform/exeCommand File Buffer Overflow Vulnerability

Tenda CH22 is an enterprise-grade wireless router from Tenda brand. Tenda CH22 suffers from a buffer overflow vulnerability, which originates from the parameter cmdinput in the file /goform/exeCommand that fails to correctly validate the length and size of the input data, which can be exploited b...

9CVSS9.2AI score0.00595EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

DELL Alienware Command Center Link Following Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for the Alienware family of gaming PCs, monitors and peripherals, designed to optimize hardware performance, personalize settings and manage the system. A link following vulnerability exists in DELL Alienware Command Center, whi...

7.8CVSS6.8AI score0.00128EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Akinsoft OctoCloud Security Bypass Vulnerability (CNVD-2025-20765)

Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A security bypass vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.03 through v1.11.01, which can...

8.6CVSS6.9AI score0.00325EPSS
Exploits0References1
Total number of security vulnerabilities131179