SAMSUNG MagicINFO 9 Server XML External Entity References Improperly Restricted Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung South Korea. SAMSUNG MagicINFO 9 Server suffers from an improperly restricted XML external entity reference vulnerability that can be exploited by attackers to obtain...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20803)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
Unspecified Vulnerability in SAMSUNG MagicINFO 9 Server (CNVD-2025-20070)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A security vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from the use of hard-coded credentials, and can be exploited by an attacker to cause...
Unspecified Vulnerability in SAMSUNG MagicINFO 9 Server
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A security vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from the use of hard-coded credentials, and can be exploited by an attacker to cause...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20802)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20806)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that stems from an improper restriction of restricted directory pathnames. An attacker cou...
SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20078)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that originates from improper path restrictions and can be exploited by an attacker to...
SAMSUNG MagicINFO 9 Server Code Injection Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a code injection vulnerability that originates from improper code generation control and can be exploited by an attacker ...
SAMSUNG MagicINFO 9 Server Path Traversal Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20074)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung South Korea. A path traversal vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from an improperly restricted path, and can be exploited by an attacker to...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which originates from allowing the upload of dangerous types of files and can be exploited by a...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20800)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
SAMSUNG MagicINFO 9 Server path traversal vulnerability (CNVD-2025-20801)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. SAMSUNG MagicINFO 9 Server suffers from a path traversal vulnerability that stems from not strictly limiting restricted directory pathnames. An attacker could...
IBM Engineering Systems Design Rhapsody Stack Buffer Overflow Vulnerability (CNVD-2026-07119)
IBM Engineering Systems Design Rhapsody is a model-driven development (MDD) environment for systems engineering and software development provided by IBM. IBM Engineering Systems Design Rhapsody suffers from a stack buffer overflow vulnerability that stems from the program not properly checking...
IBM Engineering Systems Design Rhapsody Stack Buffer Overflow Vulnerability
IBM Engineering Systems Design Rhapsody is a model-driven development (MDD) environment for systems engineering and software development provided by IBM. IBM Engineering Systems Design Rhapsody suffers from a stack buffer overflow vulnerability that stems from the program not properly checking...
Tenda AC23 Buffer Overflow Vulnerability
Tenda AC23 is a high-performance wireless router from Tenda Technology. A buffer overflow vulnerability exists in Tenda AC23 version 16.03.07.52, which originates from the mishandling of the deviceList parameter in the sub46C940 function in the /goform/setMacFilterCfg file of the httpd component. An...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20804)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16836)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
Unspecified Vulnerability in WordPress Stop User Enumeration plugin
WordPress Stop User Enumeration plugin is a security plugin for WordPress, mainly used to detect and prevent hackers from scanning a website for usernames (a user enumeration attack) to obtain login names, which is the preliminary probing that precedes a brute-force password cracking attack. A security vulnerability...
WordPress Sala Missing Authorization Vulnerability
WordPress Sala is a WordPress theme designed for startups, SaaS services, software technology and more. WordPress Sala suffers from a missing authorization vulnerability that can be exploited by an attacker to cause access to features that are not restricted by ACLs...
WordPress Torod SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Torod suffers from a SQL injection vulnerability that stems from improper handling of special elements of SQL commands, which can be exploited by an attacker to...
WordPress WP Pipes SQL Injection Vulnerability
WordPress WP Pipes is an auto-collection plugin for WordPress, mainly used to merge the content of multiple RSS feeds into a new RSS feed, and supports regular updates and customized filtering features. WordPress WP Pipes suffers from a SQL injection vulnerability that stems from improper handlin...
TOTOLINK T6 Missing Authentication Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics that supports the MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a missing authentication vulnerability that stems from the setTelnetCfg function of the /cgi-bin/cstecgi.cgi file in the component...
D-Link DI-8100 Buffer Overflow Vulnerability
The D-Link DI-8100 is an enterprise-class router from D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 1.0, which originates from insufficient checking of the parameter mx in the sprintf function in the /ddns.asp?opt=add file of the component jhttpd. The vulnerability can b...
D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-16670)
The D-Link DIR-513 is a wireless router device manufactured by D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 version 1.0, which originates from improper handling of the curTime parameter in the sprintf function of the /goform/formLanSetupRouterSettings file in the Boa...
D-Link DI-8100 Buffer Overflow Vulnerability (CNVD-2025-16668)
The D-Link DI-8100 is an enterprise-class router device from D-Link. A buffer overflow vulnerability exists in the D-Link DI-8100 version 1.0, which originates from the improper handling of the parameters removeextproto/removeextport by the sprintf function in the /upnpctrl.asp file of the...
D-Link DIR-513 Buffer Overflow Vulnerability
The D-Link DIR-513 is a wireless router device manufactured by D-Link. The D-Link DIR-513 version 1.10 suffers from a buffer overflow vulnerability that originates from improper handling of the curTime parameter in the sprintf function in the /goform/formSetWanNonLogin file of the Boa Webserver component...
Microsoft SharePoint Server Spoofing Vulnerability
SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A spoofing vulnerability exists in...
Microsoft SharePoint Server Remote Code Execution Vulnerability
SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...
WordPress Hestia Missing Authorization Vulnerability
WordPress Hestia is a free corporate theme for the WordPress platform, developed by ThemeIsle. The theme is known for its clean and generous design, responsive layout and rich functionality, supporting drag-and-drop page editing, SEO optimization and other features, which is suitable for quickly...
WordPress FG Drupal to WordPress Cross-Site Request Forgery Vulnerability
WordPress FG Drupal to WordPress is a plugin tool for migrating Drupal website content to WordPress, which supports the import of basic content such as articles, images, etc., but the free version does not include the comment import function. WordPress FG Drupal to WordPress suffers from a...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16747)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-16763)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DWG files, which can be exploited by an attacker to execute code in the context of the current...
IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17030)
IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...
Online Appointment Booking System adddoctor.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System has a SQL injection vulnerability that originates from improper handling of the parameter Username in the file /admin/adddoctor.php, which can be exploited by an attacker to obtain sensiti...
WordPress HT Contact Form 7 File Inclusion Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A file inclusion vulnerability exists in WordPress HT Contact Form 7, which stems from improper file name control and can be exploited by an attacker to cause a PHP native...
Dell AppSync Injection Vulnerability
Dell AppSync is a data backup and recovery management software from Dell. An XML External Entity Reference Improper Restriction vulnerability exists in Dell AppSync version 4.6.0.0, which stems from improper handling of XML external entity parsing. An attacker could exploit this vulnerability to...
GNU Tar Directory Traversal Vulnerability
GNU Tar is a set of tools for creating tar-formatted files from the American GNU community. GNU Tar suffers from a directory traversal vulnerability that originates in a specially crafted TAR archive, which can be exploited by an attacker to access locations outside of restricted directories and...
WordPress Product XML Feed Manager for WooCommerce Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A missing authorization vulnerability exists in WordPress Product XML Feed Manager for WooCommerce, which can be exploited by an attacker to cause the exploitation of a...
WordPress Easy Video Player Wordpress & WooCommerce Path Traversal Vulnerability
WordPress Easy Video Player Wordpress&WooCommerce is a responsive video player plugin designed for WordPress and WooCommerce, supporting local video playback, cloud platform video streaming, 360 degree video and virtual reality playback. WordPress Easy Video Player Wordpress&WooCommerce suffers...
WordPress Yogi Deserialization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL, and WordPress plugin is an application plugin. WordPress Yogi suffer...
WordPress HTML5 Radio Player-WPBakery Page Builder Addon Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A path traversal vulnerability exists in the WordPress HTML5 Radio Player-WPBakery Page Builder Addon, which stems from improperly restricted pathnames, and no detailed...
WordPress WPGYM SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress WPGYM suffers from a SQL injection vulnerability that stems from improper handling of special elements of SQL commands; no details of the vulnerability are provid...
WordPress Invico-WordPress Consulting Business Theme Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Invico-WordPress Consulting Business Theme, which stems from improper handling of inputs during web page generation...
WordPress Bold Page Builder Cross-Site Scripting Vulnerability
WordPress Bold Page Builder is a free and open source page builder plugin that allows users to quickly create custom page layouts through a drag and drop interface without writing code. WordPress Bold Page Builder suffers from a cross-site scripting vulnerability that originates from improper inp...
WordPress Cost Calculator Authorization Issue Vulnerability
WordPress Cost Calculator is a plugin for creating quote or cost estimation forms, which is mainly used to help users calculate prices based on different parameters in real time and generate professional quotes. WordPress Cost Calculator suffers from an authorization issue vulnerability that stem...
WordPress News Kit Elementor Addons Missing Authorization Vulnerability
WordPress News Kit Elementor Addons is a visual page builder plugin designed for WordPress websites, mainly for creating news or blog sites. A missing authorization vulnerability exists in WordPress News Kit Elementor Addons that stems from improperly configured access control, and no details of...
WordPress JetTabs Cross-Site Scripting Vulnerability
WordPress JetTabs is a plugin for Elementor page builder, mainly used to add stylish tabs and tabs functionality to WordPress websites, supports building rich content and customizing styles through Elementor widgets. WordPress JetTabs suffers from a cross-site scripting vulnerability that stems...
WordPress FluentSnippets Cross-Site Request Forgery Vulnerability
WordPress FluentSnippets is an open source project, mainly used to let WordPress developers create custom theme function code snippets. WordPress FluentSnippets suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a...
WordPress JetFormBuilder Deserialization Vulnerability
WordPress JetFormBuilder is a free plugin for the WordPress platform, mainly used to quickly build all kinds of forms through a drag-and-drop interface, supporting the Gutenberg editor design. WordPress JetFormBuilder has a deserialization vulnerability that stems from deserializing untrustworthy...