School Fees Payment System student.php File Cross-Site Scripting Vulnerability
School Fees Payment System is a tuition payment system. School Fees Payment System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the sname/contact/about/emailid/transcationremark parameter of the student.php...
D-Link DIR-619L Buffer Overflow Vulnerability (CNVD-2025-17356)
The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n wireless standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the parameter curTime in the fi...
Online Hotel Reservation System messageexec.php File SQL Injection Vulnerability
Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /messageexec.php. The...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16294)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
Online Bidding System login.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter User in the file /login.php. An attacker can exploit this vulnerability to execute...
WordPress CSV Importer Improved plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CSV Importer Improved plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
Online Shoe Store admin_feature.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter productcode in the file /admin/adminfeature.php. An attacker can exploit this...
TOTOLINK EX1200T setStaticDhcpConfig Function Stack Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. The TOTOLINK EX1200T suffers from a stack buffer overflow vulnerability that originates from the failure of the function setStaticDhcpConfig in the file...
Art Gallery Management System edit-art-medium-detail.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-art-medium-detail.php. A...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16295)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
School Fees Payment System fees.php file cross-site scripting vulnerability
School Fees Payment System is a tuition payment system. School Fees Payment System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter translationremark in the file /fees.php, which can be exploited ...
GNU ncurses buffer overflow vulnerability
GNU ncurses is a programming library from the American GNU community for creating user interfaces on text-based terminals. GNU ncurses suffers from a buffer overflow vulnerability that originates from a boundary error in the function postprocesstermcap when processing untrusted input. An attacker could...
D-Link DIR-867 Buffer Overflow Vulnerability
The D-Link DIR-867 is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-867 version 1.0, which originates from the failure of the strncpy function in the component Query String Handler to correctly validate the length of the input data, and can be...
D-Link DIR-815 Buffer Overflow Vulnerability
The D-Link DIR-815 is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-815 version 1.01, which originates from the failure of the function sub403794 in the file hedwig.cgi to correctly validate the length and size of the input data, and can be...
D-Link DIR-632 Buffer Overflow Vulnerability
The D-Link DIR-632 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-632 FW103B08 version, which originates from the failure of the parameter Content-Length of the function getpurecontent in the component HTTP POST Request Handler to correctly validate...
D-Link DIR-619L form_macfilter method buffer overflow vulnerability
The D-Link DIR-619L is a wireless router from China-based AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-619L version 2.06B01, which stems from the form_macfilter method failing to properly validate the length and size of the input data, and can be exploited by a remote attacker ...
Dell PowerScale OneFS Elevation of Privilege Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. An elevation of privilege vulnerability exists in Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 due to a lack of authorization in NFS exports. An attack...
Apache Traffic Server Resource Management Error Vulnerability (CNVD-2025-15620)
Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the Apache Foundation of the United States. A resource management error vulnerability exists in Apache Traffic Server ATS versions 10.0.0 through 10.0.5 and 9.0.0 through 9.2.10, which stems from the ESI plugin not...
D-Link DIR-825 do_file function buffer overflow vulnerability
The D-Link DIR-825 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-825 version 2.03, which originates from the function do_file in the HTTP POST Request Handler component that fails to correctly validate the length and size of the input data, and can b...
PDF-XChange Editor Memory Misreference Vulnerability
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. PDF-XChange Editor suffers from a memory misreference vulnerability that can be exploited by an attacker to execute code in the context of the current process...
PDF-XChange Editor Memory Misreference Vulnerability (CNVD-2025-16313)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. PDF-XChange Editor suffers from a memory misreference vulnerability that can be exploited by an attacker to execute code in the context of the current process...
PDF-XChange Editor Heap Buffer Overflow Vulnerability (CNVD-2025-16305)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. PDF-XChange Editor suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16303)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16300)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16299)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
PDF-XChange Editor Code Execution Vulnerability
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. A code execution vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execu...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16292)
PDF-XChange Editor is a PDF file viewer from the PDF-XChange company that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
WordPress Esselink.nu Settings plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Esselink.nu Settings plugin, which stems from a WEB application that does not adequately validate that a reque...
WordPress Enhanced Blocks - Page Builder Blocks for Gutenberg plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in WordPress Enhanced Blocks - Page Builder Blocks for Gutenberg plugin, which stems from a lack of authorization, and no detaile...
WordPress Elessi plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Elessi plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
WordPress eDS Responsive Menu plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress eDS Responsive Menu plugin, which stems from a lack of authorization, and no detailed vulnerability details are...
WordPress Download Manager plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Download Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
WordPress Custom Post Carousels with Owl plugin has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress Custom Post Carousels with Owl plugin that stems from not cleaning up the data-featherlight attribute. An attacker can exploit t...
WordPress CRM ERP Business Solution plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress CRM ERP Business Solution plugin that stems from a lack of authorization, and no detailed vulnerability details...
WordPress Creative Contact Form Plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Creative Contact Form Plugin suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a...
WordPress CP Polls plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress CP Polls plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...
WordPress Cookie-Script.com plugin improper access control vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Cookie-Script.com plugin suffers from an improper access control vulnerability that stems from a lack of authorization; no details of the vulnerability are provided at...
WordPress ContentStudio plugin improper access control vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress ContentStudio plugin that stems from a lack of authorization, and no detailed vulnerability details are provided...
WordPress Contact Form 7 AWeber Extension plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Contact Form 7 AWeber Extension plugin, which stems from a lack of authorization, and no detailed vulnerability...
WordPress Code Engine plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Code Engine plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress ClipLink plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress ClipLink plugin, which arises from a web application that does not adequately validate that a request is comin...
WordPress Classified Listing plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Classified Listing plugin that stems from not doing effective filtering of local file resource calls, which can be exploit...
WordPress Change Cart button Colors WooCommerce plugin Cross Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Change Cart button Colors WooCommerce plugin, which arises from a web application that does not adequately...
WordPress Buying Buddy IDX CRM plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Buying Buddy IDX CRM plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress Bluff Post plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bluff Post plugin that stems from the WEB application not adequately verifying that a request is from a truste...
WordPress Better Random Redirect plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Better Random Redirect plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data...
WordPress Automatically Hierarchic Categories in Menu plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Automatically Hierarchic Categories in Menu plugin, which stems from the application's lack of effective filtering a...
WordPress Auto Upload Images plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Auto Upload Images plugin that stems from the server not implementing an adequate authentication mechanism to confirm the orig...
WordPress ATP Call Now plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ATP Call Now plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress App Builder plugin Improper Access Control Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress App Builder plugin suffers from an improper access control vulnerability that stems from a lack of authorization, and no detailed vulnerability details are provide...