131179 matches found
Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...
D-Link DI-8400 yyxz.asp File Stack Buffer Overflow Vulnerability
The D-Link DI-8400 is an enterprise-class Internet behavior management router from D-Link for medium to large enterprise network environments. The D-Link DI-8400 suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the parameter ID of the functi...
Apache DolphinScheduler Default Privilege Error Vulnerability
Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. Apache DolphinScheduler versions prior to 3.2.2 are vulnerable to a default privilege error vulnerability, no details of the vulnerability are provided at this time...
SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24710)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. An information disclosure vulnerability exists in SAMSUNG Notes, which can be exploited by an attacker to access exported notes files...
Akinsoft MyRezzta Authentication Bypass Vulnerability
Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta, which stems from improperly limiting authentication attempts and could lead to authentication bypass, password recovery exploitation, and brute-force breakin...
Complaint Management System userprofile.php file cross-site scripting vulnerability
Complaint Management System is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System, which stems from a lack of effective filtering and escaping of user-supplied data in the fullname parameter of admin/userprofile.php, for which no detailed...
Complaint Management System in PHP reset-password.php file SQL injection vulnerability
Complaint Management System in PHP is a complaint management system. Complaint Management System in PHP suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the mobileno parameter of user/reset-password.php. An attacker can...
Doctor Appointment Management System Cross-Site Scripting Vulnerability
Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, no details of the vulnerability...
Online Shopping Portal File Upload Vulnerability
Online Shopping Portal is an online store. A file upload vulnerability exists in Online Shopping Portal, which stems from a lack of extension validation in /admin/insert-product.php, and can be exploited by an attacker to cause arbitrary file uploads...
SAMSUNG Notes Information Disclosure Vulnerability (CNVD-2025-24709)
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an information disclosure vulnerability that can be exploited by an attacker to cause data access across user profiles...
Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability
Fuji Electric FRENIC-Loader 4 is a computer software designed for Fuji Electric inverters such as the FRENIC series, mainly for parameter setting, monitoring and debugging. A deserialization vulnerability exists in Fuji Electric FRENIC-Loader 4, which can be exploited by an attacker to execute...
Tenda AC8 formWifiBasicSet function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. A buffer overflow vulnerability exists in the Tenda AC8, which is caused by the formWifiBasicSet function failing to correctly...
Complaint Management System in PHP subcategory.php file cross-site scripting vulnerability
Complaint Management System in PHP is a complaint management system. A cross-site scripting vulnerability exists in Complaint Management System in PHP, which stems from the lack of effective filtering and escaping of user-supplied data in the categoryName parameter of admin/subcategory.php, for...
TOTOLINK N600R Command Injection Vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a command injection vulnerability that originates from...
Unspecified Vulnerability in Akinsoft MyRezzta
Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...
Apache DolphinScheduler Code Execution Vulnerability
Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...
Freescout deserialization vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the application's unsaf...
Travel Management System SQL Injection Vulnerability
Travel Management System is a travel management system. Travel Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /detail.php. An attacker can exploit this vulnerability to...
Akinsoft MyRezzta Authentication Bypass Vulnerability
Aiseesoft is a technology company specializing in software development. An authentication bypass vulnerability exists in Akinsoft MyRezzta that stems from improperly limiting authentication attempts, and no detailed vulnerability details are available at this time...
Sports Management System resultdetails.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /Admin/resultdetails.php. An attacker can exploit this vulnerabili...
IBM Concert Software Cross-Site Scripting Vulnerability
IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...
Foxit PDF Reader code issue vulnerability (CNVD-2025-27455)
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause a local elevation of privilege...
TOTOLINK A702R sub_4162DC function buffer overflow vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the failure of the parameter ip6addr of the function...
Google Android elevation of privilege vulnerability (CNVD-2026-00037)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a clickjacking/overwriting attack in finishTransition of Transition.java. An attacker can exploit this vulnerability to gain elevated privileges on...
Google Android Denial of Service Vulnerability (CNVD-2026-00035)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability, which is caused due to a logic error in the code at multiple locations. An attacker can exploit the vulnerability to cause a denial of service...
Google Android elevation of privilege vulnerability (CNVD-2026-00036)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...
Tenda CP6 Encryption Issue Vulnerability
Tenda CP6 is a smart camera from Tenda, a Chinese company. Tenda CP6 version 11.10.00.243 suffers from a cryptographic issue vulnerability that stems from the use of a risky encryption algorithm in the function sub2B7D04 in the component uhttp. An attacker could exploit the vulnerability to cause...
Sports Management System gametype.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/gametype.php. An attacker can exploit this...
Sports Management System sporttype.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sporttype.php. An attacker can exploit this...
User Management System admin/change-emailid.php File SQL Injection Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter uid in the file /admin/change-emailid.php against externally entered SQL statements. An attacker can exploit this...
Tenda CH22 /goform/SetSambaConf File Buffer Overflow Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda brand. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the parameter sambauserNameSda in file /goform/SetSambaConf that fails to correctly validate the length and size of the input data, which can be...
Google Android elevation of privilege vulnerability (CNVD-2026-11739)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in the setMediaButtonReceiver of multiple files. An attacker can exploit this vulnerability to cause a local elevation of...
Sports Management System tournament_details.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter ID in file /Admin/tournamentdetails.php. An attacker can exploit this vulnerability t...
Google Android elevation of privilege vulnerability (CNVD-2026-00040)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by the use of InputDispatcher.cpp after KeyEventLockedInterrupt. An attacker can exploit the vulnerability to elevate privileges...
TOTOLINK A702R /boafrm/formIpQoS File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the parameter mac in the file /boafrm/formIpQoS failing...
Small CRM /registration.php File Cross-Site Scripting Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Username in the file /registration.php, which can be exploited by an attacker to...
Google Android elevation of privilege vulnerability (CNVD-2026-00032)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local escalation of privileges...
Akinsoft OctoCloud Cross-Site Scripting Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Cross-site scripting vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.01 through v1.11.01, no...
Google Android Information Disclosure Vulnerability (CNVD-2025-30731)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Beauty Parlour Management System edit-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...
Beauty Parlour Management System contact-us.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...
Akinsoft QR Menü Cross-Site Request Forgery Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü versions prior to s1.05.06 through v1.05.12 are vulnerable to a cross-site request forgery vulnerability that is caused by improper validation of user-supplied input. No detailed vulnerability details are...
Baidu.com Windows Client Remote Command Execution Vulnerability
BaiduNetdisk BaiduNetdisk is a cloud-based platform that provides file storage, synchronization and sharing services. Users can store their personal files through BaiduNetdisk and can share files by linking or inviting others. BaiduNetdisk also provides a file synchronization feature that allows...
Google Android elevation of privilege vulnerability (CNVD-2026-11740)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the handleKeyGestureEvent code of PhoneWindowManager.java, which can be exploited by an attacker to cause a local elevation of...
Sports Management System facilitator.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...
D-Link DIR-852 os Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from an os command injection vulnerability, which stems from the parameter service in the file soap.cgi...
Delta Electronics DIAView Security Bypass Vulnerability
Delta Electronics DIAView is an industrial configuration software from Delta Electronics China. A security bypass vulnerability exists in Delta Electronics DIAView, which can be exploited by attackers to cause authentication bypass...
Tenda CH22 /goform/exeCommand File Buffer Overflow Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda brand. Tenda CH22 suffers from a buffer overflow vulnerability, which originates from the parameter cmdinput in the file /goform/exeCommand that fails to correctly validate the length and size of the input data, which can be exploited b...
DELL Alienware Command Center Link Following Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for the Alienware family of gaming PCs, monitors and peripherals, designed to optimize hardware performance, personalize settings and manage the system. A link following vulnerability exists in DELL Alienware Command Center, whi...
Akinsoft OctoCloud Security Bypass Vulnerability (CNVD-2025-20765)
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A security bypass vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.03 through v1.11.01, which can...