Lucene search
+L

131179 matches found

CNVD
CNVD
added 2025/09/04 12:0 a.m.6 views

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27327)

Foxit PDF Reader is China Foxit Foxit company a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to potentially cause information leakage...

5.5CVSS6.6AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

Google Android elevation of privilege vulnerability (CNVD-2025-30730)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

7.8CVSS7.2AI score0.00075EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Apartment Management System e_all_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /edashboard/eallinfo.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Google Android elevation of privilege vulnerability (CNVD-2026-00038)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a competing condition in multiple functions of DevicePolicyManagerService.java. An attacker can exploit the vulnerability to gain elevate...

7CVSS7.4AI score0.00064EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

Akinsoft OctoCloud Security Bypass Vulnerability

Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Akinsoft OctoCloud versions prior to s1.09.02 through v1.11.01 contain a security bypass vulnerability that can be...

4.7CVSS6.8AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Sports Management System mode.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...

9.8CVSS7AI score0.00403EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Tenda W12 Hardcoding Vulnerability

Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. The Tenda W12 suffers from a hard-coded...

7CVSS6.9AI score0.0013EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27456)

Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause information leakage...

5.5CVSS4.2AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Akinsoft OctoCloud Source Validation Error Vulnerability

Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A source validation error vulnerability exists in versions prior to Akinsoft OctoCloud s1.09.01 through v1.11.01,...

4.7CVSS6.8AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

TOTOLINK A702R /boafrm/formParentControl File Buffer Overflow Vulnerability

TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file...

9CVSS9.1AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability

TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...

9CVSS9.1AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Google Android Information Disclosure Vulnerability (CNVD-2026-00039)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to cross-user image disclosure caused by an obfuscated proxy in the showAvatarPicker of EditUserPhotoController.java. An attacker can exploit the...

5.5CVSS6.2AI score0.00108EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.11 views

Google Android elevation of privilege vulnerability (CNVD-2026-00034)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

7.3CVSS7.4AI score0.00076EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Google Android elevation of privilege vulnerability (CNVD-2026-00031)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by intent redirection in multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the system...

7.8CVSS7.4AI score0.00075EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

Google Android elevation of privilege vulnerability (CNVD-2026-10643)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a logic error vulnerability, which is caused by a code logic error in multiple functions. An attacker can exploit the vulnerability to cause a local elevation of privilege...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Akinsoft QR Menü Open Redirect Vulnerability

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. An open redirection vulnerability exists in Akinsoft QR Menü versions prior to s1.05.05 to v1.05.12. The vulnerability stems from the system's failure to reasonably handle target jumps, which can be exploited by an attacker...

6.3CVSS7.1AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Akinsoft QR Menü Cross-Site Scripting Vulnerability

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Cross-site scripting vulnerability exists in Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12, no detailed vulnerability details are available at this time...

4.3CVSS6.7AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Beauty Parlour Management System signup.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...

9.8CVSS8AI score0.00415EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Akinsoft QR Menü Security Bypass Vulnerability

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.07 to v1.05.12 contain a security bypass vulnerability that can be exploited by attackers to cause authentication bypass...

8.6CVSS7.1AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Beauty Parlour Management System add-customer-services.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...

9.8CVSS7.9AI score0.00387EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Akinsoft ProKuafor Cross-Site Scripting Vulnerability

Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Cross-site scripting vulnerability exists in Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08, no detailed vulnerability details are available at this time...

4.3CVSS6.5AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.10 views

Google Android elevation of privilege vulnerability (CNVD-2026-00033)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...

9.8CVSS7.6AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.2 views

Akinsoft ProKuafor Security Bypass Vulnerability

Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08 contain a security bypass vulnerability that can be exploited by attackers to cause a resource disclosure...

4.7CVSS6.8AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.3 views

Google Android elevation of privilege vulnerability (CNVD-2025-30729)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a type confusion error in avdtmsgind of avdtmsg.cc. An attacker can exploit the vulnerability to gain elevated privileges on the system...

9.8CVSS7.3AI score0.00237EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.1 views

Unspecified Vulnerability in Akinsoft QR Menü

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...

7.3CVSS7AI score0.00141EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.4 views

Google Android elevation of privilege vulnerability (CNVD-2026-10642)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from a lack of privilege checking in the onLastAccessedStackLoaded function in ActionHandler.java, which can be exploited by an attacker to...

7.3CVSS5.7AI score0.00077EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

TOTOLINK A702R /boafrm/formFilter Buffer Overflow Vulnerability

TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from an incorrect operation of the parameter ip6addr in the...

9CVSS9.1AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.7 views

Tenda AC20 Buffer Overflow Vulnerability

The Tenda AC20 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC20 version 16.03.08.05, which originates from the parameter wanMTU in the file /goform/fromAdvSetMacMtuWan that fails to correctly validate the length of the incoming data, and ca...

9.8CVSS9.1AI score0.0077EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/04 12:0 a.m.5 views

Apartment Management System /admin.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

WordPress Mojoomla School Management plugin file upload vulnerability

WordPress Mojoomla School Management plugin is a WordPress plugin mainly used for school management system, support class management, student attendance, grade management, fee collection and other functions. WordPress Mojoomla School Management plugin has a file upload vulnerability, which stems...

9.9CVSS7AI score0.00335EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

QNAP QTS and QuTS hero path traversal vulnerability

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...

6.5CVSS6.6AI score0.00445EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.6 views

Online Course Registration admin/student-registration.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter studentname in the file /admin/student-registration.php. An...

9.8CVSS7.9AI score0.00383EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

Apartment Management System updateProfile.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter userid in the file /ajax/updateProfile.php. An attacker can exploit...

9.8CVSS8.3AI score0.00383EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.2 views

Simple Grading System delete_student.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /deletestudent.php. An attacker can exploit this vulnerability to execute...

8.8CVSS8.2AI score0.00348EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.2 views

Simple Grading System login.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

9.8CVSS8.2AI score0.0055EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.6 views

Tenda AC9 Hardcoding Vulnerability

Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...

7CVSS7AI score0.00131EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

QNAP Qsync Central Denial of Service Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A denial of service vulnerability exists in QNAP Qsync Central, which stems from uncontrolled resource consumption and can...

6.5CVSS6.7AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.5 views

QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23637)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...

6.5CVSS6.7AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

Human Resource Integrated System login.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter user/pass in the file /login.php. An attacker can...

7.5CVSS8.2AI score0.0041EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.5 views

Human Resource Integrated System log_query.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...

9.8CVSS8.2AI score0.00435EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

Human Resource Integrated System login_query12.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /loginquery12.php. An attacker can exploit...

7.5CVSS8.3AI score0.00377EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

WordPress LWSCache plugin authorization issue vulnerability

WordPress LWSCache plugin is a caching plugin officially developed by WordPress, which is mainly used to optimize the loading speed of the website and improve SEO ranking. WordPress LWSCache plugin has an authorization issue vulnerability, the vulnerability stems from improper authorization of th...

4.3CVSS6.9AI score0.00226EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

WordPress List Subpages plugin cross-site scripting vulnerability

ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...

6.4CVSS6.4AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

Online Event Judging System create_account.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /createaccount.php. The vulnerability can be...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20852)

QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...

6.5CVSS6.8AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.3 views

WordPress iATS Online Forms plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a temporal SQL injection in the parameter order, which can be exploited by an...

6.5CVSS8.2AI score0.00278EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.5 views

TRENDnet TV-IP410 Command Injection Vulnerability

TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...

9.8CVSS5.9AI score0.01081EPSS
Exploits0
CNVD
CNVD
added 2025/09/02 12:0 a.m.2 views

Simple Grading System edit_account.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /editaccount.php. An attacker can exploit this vulnerability to execute...

8.8CVSS8.2AI score0.00437EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.2 views

Apartment Management System r_all_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /tdashboard/rallinfo.php. An attacker can exploit this...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/02 12:0 a.m.2 views

Apartment Management System rented_all_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter uid in the file /odashboard/rentedallinfo.php for externally entered SQL statements. An attacker can exploi...

9.8CVSS8.3AI score0.00387EPSS
Exploits1References1
Total number of security vulnerabilities131179