130931 matches found
Apache Log4cxx Cross-Site Scripting Vulnerability
Apache Log4cxx is a C++ logging framework from the Apache Foundation (United States), patterned on Apache log4j. A cross-site scripting vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from HTMLLayout not properly escaping logger names, and can be exploited by an...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19562)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which stems from a sandboxed iframe that may bypass restrictions on downloading files to the device. An...
User Management System emailid Parameter SQL Injection Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid of the signup.php file. An attacker can exploit this vulnerability to...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-19501)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Sports Management System sports.php File SQL Injection Vulnerability
Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sports.php. An attacker can exploit this vulnerabili...
Tenda AX3 saveParentControlInfo function buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports the Wi-Fi 6 (802.11ax) standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a buffer overflow vulnerability that originates from the deviceName parameter in th...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2025-26895)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-26894)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Lingdang CRM SQL Injection Vulnerability
Lingdang CRM is a customer relationship management system from the Chinese company Lingdang. A SQL injection vulnerability exists in Lingdang CRM. The vulnerability stems from improper handling of the getvaluestring parameter in the /crm/crmapi/erp/tabdetailmoduleSave.php file, whic...
Tenda AC6 fromSetSysTime function ntpServer parameter buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 suffers from a buffer overflow vulnerability that originates from the ntpServer parameter in the...
Adobe ColdFusion Server-Side Request Forgery Vulnerability
Adobe ColdFusion is a rapid application development platform from the American company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a server-side request forgery vulnerability that can be exploited by an attacker t...
Apache StreamPark SQL Injection Vulnerability
Apache StreamPark is a streaming media application development framework from the Apache Foundation (United States). A SQL injection vulnerability exists in Apache StreamPark versions 2.1.4 through 2.1.6 and earlier, which stems from the application's lack of validation of externally entered S...
TOTOLINK A3002R url parameter buffer overflow vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from improperly...
Foxit PDF Reader Buffer Overflow Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader suffers from a buffer overflow vulnerability that originates from out-of-bounds reads when parsing PRC files without validating user input, which could lead to remote code execution. A remote attacker can exploit this...
TOTOLINK A3002R eval function command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. TOTOLINK A3002R suffers from a command injection vulnerability that stems from the presence of command...
TOTOLINK A3002R devicemac parameter command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from an OS command injection vulnerability, which stems from a command...
Apache Commons OGNL Arbitrary Code Execution Vulnerability
Apache Commons OGNL is a Java library from the American Apache Foundation. A security vulnerability exists in Apache Commons OGNL Ognl.getValue, which originates from incorrectly filtering input parameters, and can be exploited by a remote attacker to submit a special request, which can be...
Tenda AC6 /goform/getproductInfo Information Disclosure Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. The Tenda AC6 suffers from an information disclosure vulnerability that originates from the...
Tenda AC6 Firmware Signature Verification Function Code Execution Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6, which stems from a problem with the firmware signatu...
TOTOLINK A3002R hostname parameter buffer overflow vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates in the hostname...
TOTOLINK A3002R macstr, bandstr and clientoff parameter command injection vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from an OS command injection vulnerability that stems from the presence of...
Google Chrome V8 Engine Out-of-Bounds Write Vulnerability
Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a V8 Engine Out-of-Bounds Write vulnerability that...
Tenda AC6 Cloud API Function Stack Overflow Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. Tenda AC6 has a stack buffer overflow vulnerability. The vulnerability stems from the Cloud API function has...
TOTOLINK A3002R has an unspecified vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. The TOTOLINK A3002R suffers from a security vulnerability that stems from the use of insecure...
Siemens Simcenter Femap File Parsing Vulnerability
Simcenter Femap is an advanced simulation application for creating, editing and checking finite element models of complex products or systems. A file parsing vulnerability exists in Siemens Simcenter Femap and may be triggered when the application reads a file in STP or BMP file format. An attack...
Tenda AC6 Code Execution Vulnerability (CNVD-2025-20158)
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6. The vulnerability stems from the presence of insecur...
Multiple Vulnerabilities in Third-Party Components Prior to SIEMENS SINEC OS V3.2
The RUGGEDCOM RST2428P is a SINEC OS-based Layer 2 Ethernet switch with up to 28 non-blocking interfaces. SCALANCE X switches are used for connecting industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). Multiple vulnerabilities exist in third-party...
Multiple Vulnerabilities in Siemens SINEC OS Third-Party Components
The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). Multiple vulnerabilities exist...
Siemens COMOS Native Arbitrary Code Execution Vulnerability
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. A local arbitrary code execution vulnerability exists in Siemens COMOS, which can be...
TOTOLINK A3002R fw_ip parameter buffer overflow vulnerability
The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. A buffer overflow vulnerability exists in the TOTOLINK A3002R. The vulnerability stems from the fwip...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability (CNVD-2025-22954)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics China for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizin...
Siemens SIPROTEC 5 Compact 7SX800 (CP050) Local USB Port Improper Network Packet Bandwidth Limitation Vulnerability
The SIPROTEC 5 Compact 7SX800 (CP050) offers a range of integrated protection, control, measurement and automation functions for substations and other applications. The Siemens SIPROTEC 5 Compact 7SX800 (CP050) suffers from an improper bandwidth limitation of network packets on the local USB port...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability (CNVD-2025-22956)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics China for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizin...
Delta Electronics DIAEnergie Cross-Site Scripting Vulnerability (CNVD-2025-22955)
Delta Electronics DIAEnergie is an industrial energy management system from Delta Electronics China for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizin...
SIEMENS Desigo CC family and SENTRON Powermanager elevation of privilege vulnerability
The Desigo CC product range includes Desigo CC, an integrated building management platform for managing high-performance buildings, Desigo CC Compact, a tailored solution for small and medium-sized buildings, Desigo CC Connect, a software gateway based on the Desigo CC platform, and Cerberus DMS ...
SIEMENS BFCClient has multiple vulnerabilities
SIEMENS BFCClient provides equipment networking services that help manufacturing companies achieve cost reduction and efficiency through equipment data collection, visualization and analysis. SIEMENS BFCClient has multiple vulnerabilities that can be exploited by attackers to read memory...
Elevation of Privilege Vulnerability in Multiple SIEMENS Products
SIMATIC Information Server is used to report and visualize process data stored in SIMATIC Process Historian. SIMATIC PDM MS provides independent field device management, diagnostics, and data acquisition functions across a wide range of communication protocols that are independent of the automatio...
Siemens POWER METER SICAM Q100/Q200 Information Disclosure Vulnerability
SIEMENS POWER METER SICAM Q100 and Siemens POWER METER SICAM Q200 are multifunctional power quality recorders from Siemens. An information disclosure vulnerability exists in the Siemens POWER METER SICAM Q100/Q200, which can be exploited by an attacker to extract the password of an SMTP account a...
Siemens RUGGEDCOM APE1808 Nozomi Guardian/CMC Vulnerability
RUGGEDCOM APE1808 is an industrial-grade application hosting platform. The Siemens RUGGEDCOM APE1808 suffers from a Nozomi Guardian/CMC vulnerability that can be exploited by an attacker to execute unauthorized arbitrary operating system commands...
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC) Multiple Vulnerabilities
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Multiple vulnerabilities exist in the Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC), which can be exploited by attackers to execute arbitrary code or cau...
Multiple Vulnerabilities in SIEMENS Opcenter Quality Modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit
Opcenter Quality is a quality management system (QMS) that enables organizations to safeguard compliance, optimize quality, reduce defects and rework costs, and achieve operational excellence by improving process stability. Its integrated process capabilities control charts, statistics, quality gat...
Tenda M3 /goform/getMasterPassengerAnalyseData File Stack Buffer Overflow Vulnerability
Tenda M3 is a wireless controller (AC) from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the /goform/getMasterPassengerAnalyseData file in the...
Siemens SINEC Traffic Analyzer Multiple Vulnerabilities
SINEC Traffic Analyzer is a network management tool provided by Siemens for network traffic monitoring, performance analysis and troubleshooting. The tool supports the configuration and management of industrial network devices such as SCALANCE and RUGGEDCOM, helping users to optimize network...
soosyze brute force login vulnerability
soosyze is an open source content management system from Soosyze. soosyze has a brute force vulnerability that stems from the /user/login endpoint's lack of rate limiting and a locking mechanism; an attacker can use this vulnerability to cause brute force attack...
NVIDIA Megatron-LM Code Injection Vulnerability
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that originates in a tool component and can be exploited by an attacker to modify the...
NVIDIA NeMo library path traversal vulnerability
NVIDIA NeMo library is a library of deep learning tools from NVIDIA. The NVIDIA NeMo library suffers from a path traversal vulnerability, which originates in the model loading component, that can be exploited by an attacker to obtain sensitive files by accessing locations outside of a restricted...
NVIDIA Apex Code Injection Vulnerability
NVIDIA Apex is a set of utility kits from NVIDIA. NVIDIA Apex suffers from a code injection vulnerability, which originates in a Python component, that can be exploited by an attacker to perform malicious operations and compromise system stability by bypassing security mechanisms...
NVIDIA Megatron-LM Code Injection Vulnerability (CNVD-2025-19536)
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that originates in the megatron/training/arguments.py component, which can be exploited b...
NVIDIA Merlin Transformers4Rec Code Injection Vulnerability
NVIDIA Merlin Transformers4Rec is a software for building serialized and conversational recommender systems from NVIDIA. NVIDIA Merlin Transformers4Rec suffers from a code injection vulnerability, which originates from a Python dependency, that can be exploited by an attacker to perform malicious...
NVIDIA WebDataset OS Command Injection Vulnerability
NVIDIA WebDataset is a high-performance data storage method from NVIDIA. NVIDIA WebDataset suffers from an operating system command injection vulnerability that can be exploited by an attacker to bypass the authentication process and take over the accounts of other web application users under...