130931 matches found
Apple macOS Sequoia and Apple macOS Sonoma have unspecified vulnerabilities
Apple macOS Sequoia and Apple macOS Sonoma are both operating systems from the American company Apple. Apple macOS Sequoia and Apple macOS Sonoma contain a security vulnerability that can be exploited by attackers to access sensitive user data...
IBM Informix Dynamic Server Cross-Site Scripting Vulnerability
IBM Informix Dynamic Server (IDS) is a scalable object-relational database server from International Business Machines (IBM) that provides clustered data centers with features such as continuous data availability and disaster recovery. A cross-site scripting vulnerability exists in IBM Informix Dynam...
Unspecified Vulnerability in Apple iOS/iPadOS (CNVD-2025-17891)
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...
Apple macOS Access Control Error Vulnerability (CNVD-2025-18452)
Apple macOS is a specialized operating system developed by Apple for Mac computers. An access control error vulnerability exists in Apple macOS, which can be exploited by an attacker to read files outside of the sandbox...
Unspecified Vulnerability in Apple macOS (CNVD-2025-22277)
Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by an attacker to gain root access...
GLPI Permission License and Access Control Issues Vulnerability
GLPI is an open source IT asset and service management software suite that provides ITIL service desk functionality, license tracking and software auditing capabilities. A security vulnerability exists in GLPI versions 0.65 through 10.0.18, which originates from a technician being able to utilize...
Exam Form Submission delete_s8.php file SQL injection vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/delete_s8.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
Dell SmartFabric OS10 Software Security Feature Issue Vulnerability
Dell SmartFabric OS10 Software is network operating system software developed by Dell for automated configuration and management of data center network architectures. A security vulnerability exists in Dell SmartFabric OS10 Software versions prior to 10.6.0.5, which stems from fixed credentials...
Online Farm System /forgot_pass.php File SQL Injection Vulnerability
Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /forgot_pass.php. An attacker can exploit this vulnerability to execute illeg...
HCL IEM Information Disclosure Vulnerability (CNVD-2025-20022)
HCL IEM is an intelligent event management platform from HCL India. HCL IEM suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
WordPress Mine CloudVod Cross-Site Scripting Vulnerability
WordPress Mine CloudVod is a plugin for audio and video playback and online education management. WordPress Mine CloudVod suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and output escaping, which can be exploited by an attacker to inject malicious...
WordPress Post Grid Master Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Post Grid Master, which stems from insufficient input sanitization and output escaping, and can be exploited by an...
WordPress WP Wallcreeper Authorization Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An authorization issue vulnerability exists in WordPress WP Wallcreeper, which stems from a lack of capability checking in the admin_notices hook, and can be exploited by an...
WordPress Get Youtube Subs Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Get Youtube Subs, which stems from insufficient input sanitization and output escaping, and can be exploited by an...
WordPress AI Engine Information Disclosure Vulnerability
WordPress AI Engine is a plugin based on OpenAI technology, which is mainly used to integrate artificial intelligence features into WordPress websites to improve the efficiency of content generation, automated operations and so on. WordPress AI Engine suffers from an information disclosure...
WordPress Security Ninja Arbitrary File Read Vulnerability
WordPress Security Ninja is a plugin that focuses on website security protection, providing automated security scanning, login protection, IP blocking, and two-factor authentication to help users proactively identify security risks and prevent hacker attacks. WordPress Security Ninja has an...
WordPress iThoughts Advanced Code Editor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress iThoughts Advanced Code Editor, which stems from missing or incorrect nonce validation, and can be...
WordPress Station Pro Cross-Site Scripting Vulnerability
WordPress Station Pro is a plugin designed for the WordPress platform, mainly used to enhance the functionality of the website and provide audio streaming management solutions. WordPress Station Pro suffers from a cross-site scripting vulnerability that stems from insufficient input sanitization and...
WordPress structured content cross-site scripting vulnerability
WordPress structured content is a technology that improves search result display and click-through rates by optimizing semantic markup of web page elements (e.g., titles, descriptions, images, etc.) to enhance search engine understanding of page content. A cross-site scripting vulnerability exists ...
WordPress WP Applink Cross-Site Scripting Vulnerability
WordPress WP Applink is a WordPress plugin for generating iTunes affiliate links, which is mainly used for embedding promotional links to iTunes products such as iPhone, iPad, Mac apps and music, movies and so on in posts. WordPress WP Applink suffers from a cross-site scripting vulnerability tha...
WordPress WP Get The Table Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress WP Get The Table, which stems from insufficient input sanitization and output escaping, and can be exploited by an...
WordPress WebinarIgnition Authentication Bypass Vulnerability
WordPress WebinarIgnition is an open source plugin for WordPress that focuses on creating real-time interactive webinars. WordPress WebinarIgnition suffers from an authentication bypass vulnerability that stems from a lack of capability checking, which can be exploited by an attacker to generate...
WordPress Taeggie Feed Cross-Site Scripting Vulnerability
WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...
Tenda AC8V4 Buffer Overflow Vulnerability (CNVD-2025-17342)
The Tenda AC8V4 is a wireless router from Tenda China. The Tenda AC8V4 suffers from a buffer overflow vulnerability that originates from a heap buffer overflow in the mac parameter in /goform/GetParentControlInfo, which can be exploited by an attacker to crash the system by corrupting the memory...
Tenda AC8V4 Buffer Overflow Vulnerability (CNVD-2025-17343)
The Tenda AC8V4 is a wireless router from Tenda China. Tenda AC8V4 suffers from a buffer overflow vulnerability that originates from a stack buffer overflow in the shareSpeed parameter in /goform/WifiGuestSet. No vulnerability details are provided at this time...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18564)
Adobe Experience Manager is an application developed by Adobe for creating, organizing and publishing digital content. It helps organizations manage their websites, mobile applications and other digital experiences more easily through an integrated interface. Users can utilize different tools and...
WordPress WPBakery Page Builder for WordPress Cross-Site Scripting Vulnerability
WordPress WPBakery Page Builder for WordPress is a powerful visual page builder plugin for the WordPress platform, providing an intuitive drag-and-drop interface and a wealth of preset templates, so that non-professional developers can quickly build responsive websites. WordPress WPBakery Page...
Tenda AC8V4 Buffer Overflow Vulnerability (CNVD-2025-17344)
The Tenda AC8V4 is a wireless router from Tenda China. Tenda AC8V4 suffers from a buffer overflow vulnerability that originates from a stack buffer overflow in the timeZone parameter in /goform/fastsettingwifiset. No vulnerability details are provided at this time...
WordPress Supreme Addons for Beaver Builder Cross-Site Scripting Vulnerability
WordPress Supreme Addons for Beaver Builder is a plugin that extends the functionality of the Beaver Builder page builder, mainly for enhancing its visual editing capabilities and module extensions. A cross-site scripting vulnerability exists in WordPress Supreme Addons for Beaver Builder, which...
WordPress Voltax Video Player Cross-Site Scripting Vulnerability
WordPress Voltax Video Player is a video plugin for the WordPress platform, developed by Minute Media, which is mainly used to embed videos and playlists from Minute Media's online video platform into WordPress websites. WordPress Voltax Video Player suffers from a cross-site scripting...
WordPress FunnelCockpit Cross-Site Scripting Vulnerability
WordPress FunnelCockpit is an open source tool for tracking and analyzing the entire process of lead generation from initial contact to final closing, developed on the WordPress platform. WordPress FunnelCockpit suffers from a cross-site scripting vulnerability that stems from insufficient input...
WordPress Affiliate Plus Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress Affiliate Plus, which stems from missing or incorrect nonce validation, and can be exploited by an...
IBM DB2 for Linux Denial of Service Vulnerability
IBM Db2 for Linux is a relational database management system developed by IBM and designed for the Linux operating system to provide high-performance, highly reliable data storage and management services. A denial of service vulnerability exists in IBM DB2 for Linux, which can be exploited by an...
Pre-School Enrollment System SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the /admin/password-recovery.php file not adequately validating the username parameter. An attacker can exploit this...
MedDream PACS Premium Security Bypass Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A security bypass vulnerability exists in MedDream PACS Premium that stems from improper default permissions in the CServerSettings::SetRegistryValues function, which can be exploited by an...
MedDream PACS Premium Access Control Error Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...
JetBrains TeamCity Information Disclosure Vulnerability (CNVD-2025-22935)
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...
NETGEAR XR300 Stack Buffer Overflow Vulnerability (CNVD-2025-20497)
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint. No detai...
Exam Form Submission update_s3.php File SQL Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission has a SQL injection vulnerability that stems from improper handling of the credits parameter in the /admin/update_s3.php file. No details of the vulnerability are provided at this time...
Online Ordering System File Upload Vulnerability
Online Ordering System is an online ordering system. A file upload vulnerability exists in Online Ordering System, which stems from the image parameter in the /admin/product.php file not effectively limiting file uploads. No details of the vulnerability are available at this time...
NETGEAR XR300 Stack Buffer Overflow Vulnerability
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint. No detai...
JetBrains TeamCity Cross-Site Request Forgery Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from a cross-site request forgery vulnerability...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10671)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the radiationDoseReport.php function. No detailed...
JetBrains TeamCity Cross-Site Request Forgery Vulnerability
JetBrains TeamCity is a Continuous Integration (CI/CD) tool developed by JetBrains, Inc. to automate the software build, test and deployment process. JetBrains TeamCity suffers from a cross-site request forgery vulnerability that stems from a security flaw in the GitHub application connection...
Unspecified Vulnerability in FileBrowser
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that stems from a flaw in the authentication system that can be exploit...
FileBrowser Denial of Service Vulnerability
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a denial of service vulnerability that stems from a flaw in the file handling log...
Small CRM Session Hijacking Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a session hijacking vulnerability that stems from the /crm/change-password.php component not terminating a session properly. No details of the vulnerability are available at this time...
Car Rental Project Session Hijacking Vulnerability
Car Rental Project is a car rental program. Car Rental Project suffers from a session hijacking vulnerability that stems from the /carrental/update-password.php component not properly terminating a session. No details of the vulnerability are provided at this time...
Bank Locker Management System Session Hijacking Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /banker/change-password.php. No vulnerability details are available at this time...
e-Diary Management System Session Hijacking Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a session hijacking vulnerability that stems from improper session invalidation of the component /edms/change-password.php. No details of the vulnerability are available at this time...