3129 matches found
CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
CVE-2025-36751
CVE-2025-36751 affects Growatt ShineLan-X and MIC 3300TL-X. The root cause is missing encryption on the configuration interface, enabling an attacker with network access to intercept and potentially manipulate the communication between the inverter and its cloud endpoint. The available connected ...
Currency Exchange System /editotheraccount.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editotheraccount.php. An attacker can exploit this vulnerabili...
Student Management System /edit_user.php File SQL Injection Vulnerability
Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...
DEBIAN-CVE-2025-14306
A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by...
WordPress plugin Page View Count 安全漏洞
...
WordPress plugin ListingPro Lead Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Xagio SEO 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin PPOM for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin AuthorSure 跨站请求伪造漏洞
WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...
WordPress plugin WpEvently 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress Qi Blocks plugin cross-site scripting vulnerability
WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
PHPGurukul Online Shopping Portal 安全漏洞
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...
PT-2025-47029
Name of the Vulnerable Software and Affected Versions Brightpick versions affected versions not specified Description The Brightpick Internal Logic Control web interface is accessible without user authentication. This allows an unauthorized user to manipulate robot control functions. These...
WordPress plugin Survey Maker 安全漏洞
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making ...
CVE-2025-8108
An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29078)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a lack of authentication. An...
CVE-2025-41341
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'iddenuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'...