131179 matches found
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27327)
Foxit PDF Reader is China Foxit Foxit company a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to potentially cause information leakage...
Google Android elevation of privilege vulnerability (CNVD-2025-30730)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Apartment Management System e_all_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /edashboard/eallinfo.php. An attacker can exploit this...
Google Android elevation of privilege vulnerability (CNVD-2026-00038)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a competing condition in multiple functions of DevicePolicyManagerService.java. An attacker can exploit the vulnerability to gain elevate...
Akinsoft OctoCloud Security Bypass Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Akinsoft OctoCloud versions prior to s1.09.02 through v1.11.01 contain a security bypass vulnerability that can be...
Sports Management System mode.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/mode.php. An attacker can exploit this vulnerability...
Tenda W12 Hardcoding Vulnerability
Tenda W12 is a dual-band Gigabit wireless panelized access point AP from Tenda Technology, designed for hotels, villas, large homes and other scenarios, supporting the IEEE802.11ac protocol and the Wave2 standard with 1167Mbps dual-band concurrent rate. The Tenda W12 suffers from a hard-coded...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2025-27456)
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which can be exploited by attackers to cause information leakage...
Akinsoft OctoCloud Source Validation Error Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. A source validation error vulnerability exists in versions prior to Akinsoft OctoCloud s1.09.01 through v1.11.01,...
TOTOLINK A702R /boafrm/formParentControl File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file...
TOTOLINK A702R /boafrm/formOneKeyAccessButton File Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability that originates from the parameter submit-url in file...
Google Android Information Disclosure Vulnerability (CNVD-2026-00039)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability due to cross-user image disclosure caused by an obfuscated proxy in the showAvatarPicker of EditUserPhotoController.java. An attacker can exploit the...
Google Android elevation of privilege vulnerability (CNVD-2026-00034)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...
Google Android elevation of privilege vulnerability (CNVD-2026-00031)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by intent redirection in multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the system...
Google Android elevation of privilege vulnerability (CNVD-2026-10643)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a logic error vulnerability, which is caused by a code logic error in multiple functions. An attacker can exploit the vulnerability to cause a local elevation of privilege...
Akinsoft QR Menü Open Redirect Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. An open redirection vulnerability exists in Akinsoft QR Menü versions prior to s1.05.05 to v1.05.12. The vulnerability stems from the system's failure to reasonably handle target jumps, which can be exploited by an attacker...
Akinsoft QR Menü Cross-Site Scripting Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Cross-site scripting vulnerability exists in Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12, no detailed vulnerability details are available at this time...
Beauty Parlour Management System signup.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally-entered SQL statements in t...
Akinsoft QR Menü Security Bypass Vulnerability
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.07 to v1.05.12 contain a security bypass vulnerability that can be exploited by attackers to cause authentication bypass...
Beauty Parlour Management System add-customer-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
Akinsoft ProKuafor Cross-Site Scripting Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Cross-site scripting vulnerability exists in Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08, no detailed vulnerability details are available at this time...
Google Android elevation of privilege vulnerability (CNVD-2026-00033)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a logic error in the code at multiple locations. The vulnerability can be exploited by an attacker to gain elevated privileges on the...
Akinsoft ProKuafor Security Bypass Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08 contain a security bypass vulnerability that can be exploited by attackers to cause a resource disclosure...
Google Android elevation of privilege vulnerability (CNVD-2025-30729)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by a type confusion error in avdtmsgind of avdtmsg.cc. An attacker can exploit the vulnerability to gain elevated privileges on the system...
Unspecified Vulnerability in Akinsoft QR Menü
Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...
Google Android elevation of privilege vulnerability (CNVD-2026-10642)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from a lack of privilege checking in the onLastAccessedStackLoaded function in ActionHandler.java, which can be exploited by an attacker to...
TOTOLINK A702R /boafrm/formFilter Buffer Overflow Vulnerability
TOTOLINK A702R is a wireless router device manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection and signal coverage. The TOTOLINK A702R suffers from a buffer overflow vulnerability, which originates from an incorrect operation of the parameter ip6addr in the...
Tenda AC20 Buffer Overflow Vulnerability
The Tenda AC20 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC20 version 16.03.08.05, which originates from the parameter wanMTU in the file /goform/fromAdvSetMacMtuWan that fails to correctly validate the length of the incoming data, and ca...
Apartment Management System /admin.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in ddlBranch, a parameter of the Setting Handler component in file...
WordPress Mojoomla School Management plugin file upload vulnerability
WordPress Mojoomla School Management plugin is a WordPress plugin mainly used for school management system, support class management, student attendance, grade management, fee collection and other functions. WordPress Mojoomla School Management plugin has a file upload vulnerability, which stems...
QNAP QTS and QuTS hero path traversal vulnerability
QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
Online Course Registration admin/student-registration.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter studentname in the file /admin/student-registration.php. An...
Apartment Management System updateProfile.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter userid in the file /ajax/updateProfile.php. An attacker can exploit...
Simple Grading System delete_student.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /deletestudent.php. An attacker can exploit this vulnerability to execute...
Simple Grading System login.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
Tenda AC9 Hardcoding Vulnerability
Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...
QNAP Qsync Central Denial of Service Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A denial of service vulnerability exists in QNAP Qsync Central, which stems from uncontrolled resource consumption and can...
QNAP Qsync Central Null Pointer Dereference Vulnerability (CNVD-2025-23637)
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A null pointer dereference vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to cause a deni...
Human Resource Integrated System login.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter user/pass in the file /login.php. An attacker can...
Human Resource Integrated System log_query.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...
Human Resource Integrated System login_query12.php File SQL Injection Vulnerability
Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /loginquery12.php. An attacker can exploit...
WordPress LWSCache plugin authorization issue vulnerability
WordPress LWSCache plugin is a caching plugin officially developed by WordPress, which is mainly used to optimize the loading speed of the website and improve SEO ranking. WordPress LWSCache plugin has an authorization issue vulnerability, the vulnerability stems from improper authorization of th...
WordPress List Subpages plugin cross-site scripting vulnerability
ordPress List Subpages plugin is a plugin used to display the current page page , support for generating sub-page lists and short codes , can be dynamically generated to contain the parameters of the short code . WordPress List Subpages plugin has a cross-site scripting vulnerability that stems...
Online Event Judging System create_account.php File SQL Injection Vulnerability
Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /createaccount.php. The vulnerability can be...
QNAP Systems File Station 5 Null Pointer Dereference Vulnerability (CNVD-2025-20852)
QNAP Systems File Station 5威联通QNAP presents a file management application for browsing, uploading, downloading and managing files and folders stored on NAS devices, remote servers or external storage devices. A null pointer dereference vulnerability exists in QNAP Systems File Station 5, which ca...
WordPress iATS Online Forms plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a temporal SQL injection in the parameter order, which can be exploited by an...
TRENDnet TV-IP410 Command Injection Vulnerability
TRENDnet TV-IP410 is an Internet TV from TRENDnet. The TRENDnet TV-IP410 suffers from a command injection vulnerability that stems from misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause arbitrary command execution...
Simple Grading System edit_account.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /editaccount.php. An attacker can exploit this vulnerability to execute...
Apartment Management System r_all_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in parameter mid in file /tdashboard/rallinfo.php. An attacker can exploit this...
Apartment Management System rented_all_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter uid in the file /odashboard/rentedallinfo.php for externally entered SQL statements. An attacker can exploi...