WordPress Neom Blog Cross-Site Scripting Vulnerability
WordPress Neom Blog is a theme for the WordPress platform, which is mainly used to create responsive websites, supporting the rapid construction of blogs, news, magazines, official corporate websites and other types of websites through a visual interface. WordPress Neom Blog suffers from a...
MongoDB Server Authorization Issues Vulnerability (CNVD-2025-15515)
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic query, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 8.0.7,...
MongoDB Server Resource Management Error Vulnerability (CNVD-2025-15516)
MongoDB Server is a distributed document database system from MongoDB. A resource management error vulnerability exists in MongoDB Server versions prior to 8.0 through 8.0.10 that stems from inefficient memory management for internal operations. An attacker could exploit this vulnerability to cau...
UTT Progressive 750W Unauthenticated Password Change Vulnerability
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from an unauthenticated password change vulnerability, which originates from an unauthenticated password change due to...
UTT Progressive 750W Buffer Overflow Vulnerability (CNVD-2026-02644)
The UTT Progress 750W is an enterprise-grade dual-band wireless router from Atech Technology UTT, which is aimed at SMB network environments. The UTT Progress 750W suffers from a buffer overflow vulnerability, which originates from the operation of the strcpy function in the file /goform/setSysAd...
TOTOLINK N300RH Denial of Service Vulnerability
TOTOLINK N300RH is a long-range wireless router from China's TOTOLINK, supporting the IEEE 802.11n standard with a maximum wireless transmission rate of 300Mbps. A denial of service vulnerability exists in the TOTOLINK N300RH, which originates from the incorrect operation of the parameter url in...
Google ChromeOS Elevation of Privilege Vulnerability
Google ChromeOS is an operating system from the American company Google. Google ChromeOS suffers from an elevation of privilege vulnerability that originates from debug shell accessibility, which can be exploited by an attacker to access restricted system functions and data via elevation of...
WordPress ads pro cross-site request forgery vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro has a cross-site request forgery vulnerability, which...
MongoDB Server Log Information Disclosure Vulnerability (CNVD-2025-15517)
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic query, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 8.0.5,...
WordPress Forminator Forms Code Issue Vulnerability
WordPress Forminator Forms is a powerful free form builder plugin that supports the creation of many types of interactive forms. WordPress Forminator Forms suffers from a code issue vulnerability that stems from deserializing untrusted inputs in the function entrydeleteuploadfiles, which can be...
WordPress web-cam cross-site scripting vulnerability
WordPress web-cam is a plugin that adds an instant photo-taking feature to a WordPress website by calling the user's device camera to take photos in real time. WordPress web-cam suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping,...
WordPress GC Social Wall Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress GC Social Wall, which stems from insufficient input cleanup and output escaping, and can be exploited by an attacke...
WordPress Tournament Bracket Generator Cross-Site Scripting Vulnerability
WordPress Tournament Bracket Generator is a plugin for generating fixture maps for the knockout stages of tournaments. A cross-site scripting vulnerability exists in WordPress Tournament Bracket Generator, which stems from insufficient input cleanup and escaping, and can be exploited by an attack...
WordPress WP Optimize By xTraffic Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...
WordPress ads pro SQL injection vulnerability (CNVD-2025-15421)
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...
WordPress ads pro SQL injection vulnerability (CNVD-2025-15420)
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability that stems...
WordPress Soumettre.fr Authorization Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An authorization issue vulnerability exists in WordPress Soumettre.fr, which stems from an improper authorization check in the makesignature function, and can be exploited ...
WordPress ads pro SQL Injection Vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...
WordPress Magic Buttons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor that stems from insufficient input cleanup and output escaping of user-supplied...
WordPress Magic Buttons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor, which stems from insufficient input cleanup and output escaping of user-supplied...
WordPress Vikinger Path Traversal Vulnerability
WordPress Vikinger is a WordPress blog theme developed by a foreign developer. WordPress Vikinger has a path traversal vulnerability that stems from insufficient file path validation in the function vikingerdeleteactivitymediaajax, which can be exploited by an attacker to tamper with the system...
WordPress ads pro SQL Injection Vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress ads pro suffers from a SQL injection vulnerability, which stems...
WordPress WP Front-end login and register cross-site scripting vulnerability
WP Front-end login and register is a WordPress front-end account management plugin, mainly used to provide user registration, login and password change functions on the front end of the site, without having to jump to the WordPress back end. WordPress WP Front-end login and register has a...
WordPress Lead Form Data Collection to CRM plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lead Form Data Collection to CRM plugin, which stems from a missing capability check in the function...
MongoDB Server Resource Management Error Vulnerability
MongoDB Server is an open source NoSQL database from the United States company MongoDB. The database provides collection-oriented storage, dynamic query, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 6.0.23,...
Simple forum forum_viewfile.php file SQL Injection Vulnerability
Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Name in the file /forum_viewfile.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
Simple forum /forum_edit1.php file cross-site scripting vulnerability
Simple forum is a simple forum. Simple forum suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter text in the file /forum_edit1.php, which can be exploited by an attacker to execute arbitrary Web scrip...
Library System profile.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...
Simple forum forum_downloadfile.php path traversal vulnerability
Simple forum is a simple forum. Simple forum suffers from a path traversal vulnerability, which stems from the parameter filename in the file /forum_downloadfile.php failing to properly filter for special elements in the path of a resource or file. An attacker can exploit this vulnerability to cau...
Library System student-issue-book.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter reg in the file /student-issue-book.php. An attacker can exploit this vulnerability to execute illeg...
Library System Code Issue Vulnerability
Library System is a library system. Library System has a code issue vulnerability that stems from the lack of effective validation of files uploaded through the parameter image in the file /profile.php. An attacker can exploit this vulnerability to upload malicious files...
Medical Card Generation System Cross-Site Scripting Vulnerability
Medical Card Generation System is a medical card generation system. A cross-site scripting vulnerability exists in Medical Card Generation System, which stems from improper cleanup of the contact page name field and can be exploited by an attacker to inject malicious JavaScript...
Simple forum signin.php file SQL injection vulnerability
Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter User in the file /signin.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...
WeGIA SQL Injection Vulnerability (CNVD-2025-17294)
WeGIA is a web manager for welfare organizations from the individual developer Nilson Lazarin. WeGIA suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. An...
WordPress Plugin Abandoned Contact Form Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Abandoned Contact Form, which stems from a lack ...
D-Link DIR-823-Pro Improper Privilege Control Vulnerability
D-Link DIR-823-Pro is a dual-band intelligent wireless router with quad-antenna design, supporting 802.11ac Gigabit Wi-Fi technology and wireless rate up to 1200Mbps, which can meet the high bandwidth demand for HD video playback, online games and so on. The D-Link DIR-823-Pro suffers from an...
Simple forum forum_edit.php file SQL Injection Vulnerability
Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter iii in file /forum_edit.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
Simple forum code issue vulnerability
Simple forum is a simple forum. Simple forum has a code issue vulnerability that stems from the lack of effective validation of files uploaded through the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to upload malicious files...
Medical Card Generation System Manage Card Function Cross-Site Request Forgery Vulnerability
Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from a cross-site request forgery vulnerability that stems from the lack of CSRF protection in the Manage Card feature, which can be exploited by an attacker to send a simple GET request...
WordPress Aioseo Multibyte Descriptions plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Aioseo Multibyte Descriptions plugin, which stems from a web application that does not adequately validate tha...
WordPress Additional Order Filters for WooCommerce plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Additional Order Filters for WooCommerce plugin, which stems from the web application not adequately verifying...
WordPress Add & Replace Affiliate Links for Amazon plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Add & Replace Affiliate Links for Amazon plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
WordPress A/B Testing for WordPress plugin cross-site scripting vulnerability
WordPress A/B Testing for WordPress plugin is a plugin for A/B testing in WordPress websites, which is mainly used to help optimize website conversions by comparing the effects of different page elements such as titles, button colors, content, etc. The WordPress A/B Testing for WordPress plugin...
Tenda AC6 Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 V15.03.05.19 and earlier versions, which stems from the fromNatStaticSetting function failing to properly validate the length of the input data, and can be exploited by remote...
Local Services Search Engine Management System SQL Injection Vulnerability
Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of the editid parameter in the file...
HDF5 Resource Management Error Vulnerability
HDF5 is an open source library from HDF. A security vulnerability exists in HDF5 version 1.14.6, which stems from a confusion about the instruction in the function H5FLreggclist in the file src/H5FL.c that is responsible for freeing memory. An attacker can exploit this vulnerability to potentially...
HDF5 src/H5Gnode.c file buffer overflow vulnerability
HDF5 is an open source library from HDF. A buffer overflow vulnerability exists in HDF5 version 1.14.6, which stems from the function H5Gnodecmp3 in the file src/H5Gnode.c failing to correctly validate the size of the input data. A remote attacker can use this vulnerability on the system...
HDF5 src/H5Centry.c file buffer overflow vulnerability
HDF5 is an open source library from HDF. A buffer overflow vulnerability exists in HDF5 version 1.14.6, which stems from the function H5Cflushsingleentry in the file src/H5Centry.c failing to correctly validate the size of the input data. A remote attacker can use this vulnerability on t...
Simple forum forum1.php file SQL Injection Vulnerability
Simple forum is a simple forum. Simple forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...
Apache Seata Deserialization Vulnerability
Apache Seata is an open source project from the United States Apache Foundation that provides high-performance, easy-to-use distributed transaction services for microservices architectures. A deserialization vulnerability exists in Apache Seata versions prior to 2.0.0 ...