WordPress ANON::form embedded secure form plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress ANON::form embedded secure form plugin that stems from the application's lack of effective filtering and escaping of...
WordPress Anant Addons for Elementor plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Anant Addons for Elementor plugin, which stems from the application's lack of effective filtering and escaping of...
WordPress Plugin 3D FlipBook Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin FlipBook 1.16.15 and previous versions, the...
TOTOLINK EX1200T /boafrm/formTmultiAP file buffer overflow vulnerability
The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. TOTOLINK EX1200T suffers from a buffer overflow vulnerability, which originates from the parameter submit-url in the file /boafrm/formTmultiAP failing to...
TOTOLINK A3002R /boafrm/formRoute File Stack Buffer Overflow Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a stack buffer overflow vulnerability, which originates from the parameter subnet in the file /boafrm/formRoute failing to correctly validate the length and size of the input data, which...
TOTOLINK A702R Buffer Overflow Vulnerability (CNVD-2025-14524)
The TOTOLINK A702R is a router device manufactured by China's Gion Electronics TOTOLINK. The TOTOLINK A702R suffers from a buffer overflow vulnerability that stems from the improper handling of the parameter submit-url in the file /boafrm/formIpv6Setup. No detailed vulnerability details are...
TOTOLINK EX1200T Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a dual-band wireless signal amplifier that is primarily used to extend the coverage of an existing wireless network. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability that stems from the HTTP POST request handler mishandling the parameter submit-url. No...
TOTOLINK CA300-PoE Command Injection Vulnerability
The TOTOLINK CA300-PoE is a wireless access point device manufactured by China's Gion Electronics TOTOLINK. TOTOLINK CA300-PoE suffers from a command injection vulnerability that stems from the improper handling of the parameter FileName in the file upgrade.so, no details of the vulnerability are...
Autel MaxiCharger AC Wallbox Commercial Command Execution Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a command execution vulnerability that stems from a bleprocessesp32msg function input misinterpretation, which can be exploited by an attacker to cau...
Autel MaxiCharger AC Wallbox Commercial Access Control Error Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from an Access Control Error vulnerability that stems from a lack of authentication in the Pile API, which can be exploited by an attacker to cause a credenti...
Autel MaxiCharger AC Wallbox Commercial Information Disclosure Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...
Autel MaxiCharger AC Wallbox Commercial Buffer Overflow Vulnerability (CNVD-2025-14948)
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from a USB framed packet that fails to properly validate the length and size of the input data, which can ...
Autel MaxiCharger AC Wallbox Commercial Buffer Overflow Vulnerability (CNVD-2025-14947)
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. The Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from a JSON message that fails to properly validate the length and size of the input data, which can be...
Autel MaxiCharger AC Wallbox Commercial Buffer Overflow Vulnerability
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from the bleprocessesp32msg function failing to properly validate the length size of input data, which can be...
WordPress Zoomsounds plugin file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Zoomsounds plugin that originates from allowing unauthenticated users to upload arbitrary files to a web server. No details o...
School Fees Payment System student.php File SQL Injection Vulnerability
School Fees Payment System is a tuition payment system. The School Fees Payment System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /student.php. An attacker can exploit this vulnerability...
PDF-XChange Editor Memory Misreference Vulnerability (CNVD-2025-16314)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. PDF-XChange Editor suffers from a memory misreference vulnerability that can be exploited by an attacker to execute code in the context of the current process...
D-Link DIR-619L Stack Buffer Overflow Vulnerability (CNVD-2025-14221)
The D-Link DIR-619L is a wireless router from China's AUO D-Link. The D-Link DIR-619L suffers from a stack buffer overflow vulnerability caused by incorrect boundary checking in function formSetWANTypeWizard5 in file /goform/formSetWANTypeWizard5. An attacker could exploit this vulnerability to...
Art Gallery Management System changeimage3.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid in the file /admin/changeimage3.php. An attacker can...
Bus Pass Management System admin-profile.php file cross-site scripting vulnerability
Bus Pass Management System is a bus pass management system. Bus Pass Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the profile name parameter in the file /admin/admin-profile.php, which can...
WordPress CodePen Embed Block plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CodePen Embed Block plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
Simple Online Hotel Reservation System add_room.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter roomtype in the file...
WordPress ElementsKit Elementor Addons and Templates plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress ElementsKit Elementor Addons and Templates plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering a...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16293)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
Pre-School Enrollment System add-subadmin.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter sadminusername in the file...
Inventory Management System createBrand.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter brandStatus of file /phpaction/createBrand.php. An attacker can...
COVID19 Testing Management System Take Action Component Cross-Site Scripting Vulnerability
COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter mark in the file...
PDF-XChange Editor Code Execution Vulnerability (CNVD-2025-16302)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. A code execution vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execu...
WordPress Beaver Builder plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Beaver Builder plugin that stems from a lack of file type validation, which can be exploited by an attacker to cause an...
Art Gallery Management System changeimage1.php File SQL Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editid in the file /admin/changeimage1.php. An attacker can...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the parameter wlanif in the file /boafrm/formWlSiteSurvey failing to correctly filter constructed command special characters, commands, a...
WordPress SiteOrigin Widgets Bundle plugin cross-site scripting vulnerability
WordPress SiteOrigin Widgets Bundle is a powerful WordPress plugin that provides a rich set of highly customizable widgets for enhancing the layout and functionality of your website, supporting a wide range of page builders and editors to help users easily create professional and beautiful...
Online Bidding System details.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of file /details.php. An attacker can exploit this vulnerability to execute illega...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16312)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which can be exploited by attackers to obtain sensitive information...
WordPress AI Engine plugin has unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unspecified vulnerability exists in WordPress AI Engine plugin that stems from a lack of capability checking, which can be exploited by attackers to cause unauthorized data...
WordPress Everest Forms plugin has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress Everest Forms plugin that stems from insufficient path validation of the deleteentryfiles function, which can be exploited by an...
Inventory Management System editCategories.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the editCategoriesName parameter in the /phpaction/editCategories.php file for externally entered SQL statements. An...
Simple Online Hotel Reservation System confirm_reserve.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter transactionid in the file...
Simple Pizza Ordering System portal.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /portal.php. An attacker can exploit this vulnerability...
PDF-XChange Editor Out-of-Bounds Write Vulnerability (CNVD-2025-22248)
PDF-XChange Editor is a PDF file viewing software from PDF-XChange running on Microsoft Windows systems. PDF-XChange Editor suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context of the current process...
PDF-XChange Editor Information Disclosure Vulnerability
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
Pre-School Enrollment System Project update-class-pic.php File Directory Traversal Vulnerability
The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-class-pic.php when processing directory requests, and can...
Pre-School Enrollment System add-class.php File SQL Injection Vulnerability
Pre-School Enrollment System is a web-based preschool enrollment system. The Pre-School Enrollment System suffers from a SQL injection vulnerability that originates from the lack of validation of the classname parameter in the file /admin/add-class.php for externally entered SQL statements. An...
PDF-XChange Editor Information Disclosure Vulnerability (CNVD-2025-16298)
PDF-XChange Editor is PDF file viewer software from PDF-XChange that runs on Microsoft Windows systems. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
Online Hotel Reservation System execedituser.php File SQL Injection Vulnerability
Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/execedituser.php. A...
Online Bidding System Administrator File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator. An attacker can exploit this vulnerability to...
D-Link DIR-619L /formAdvanceSetup File Stack Buffer Overflow Vulnerability
The D-Link DIR-619L is a wireless router from China's AUO D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-619L /formAdvanceSetup file, which is caused by improper boundary checking. An attacker could exploit this vulnerability to cause a buffer overflow, execute arbitrary...
Online Shoe Store admin_running.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that stems from improper handling of the parameter qty in the file /admin/adminrunning.php resulting in SQL injection. No details of the vulnerability are available at this time...
Cisco ISE and ISE-PIC Injection Vulnerabilities
Cisco ISE and Cisco ISE-PIC are both products of the U.S. company Cisco. Cisco ISE is the identity services engine introduced by Cisco, mainly used for network access control and security management. Cisco ISE-PIC is the passive identity connector of the Cisco Identity Services Engine, which is mainl...
Information Disclosure Vulnerability in H3C BR3000W
The H3C BR3000W is a WiFi6 dual-band Gigabit wireless router designed for home and business scenarios. The H3C BR3000W suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...