130931 matches found

CNVD • added 2025/06/11 12:0 a.m. • 2 views

WordPress Shared Files Plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Shared Files Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

CVSS 7.2 • AI score 6.5 • EPSS 0.00305
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

WordPress Golo plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in WordPress Golo plugin that stems from not properly authenticating a user and can be exploited by an attacker to cause an...

CVSS 9.8 • AI score 7 • EPSS 0.00434
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

TOTOLINK X2000R service_type parameter cross-site scripting vulnerability

The TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X2000R suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter servicetype in the file /boafrm/formPortFw. No...

CVSS 4.8 • AI score 6.4 • EPSS 0.00277
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

TOTOLINK X2000R Device Name Parameter Cross-Site Scripting Vulnerability

TOTOLINK X2000R is a wireless router from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK X2000R, which stems from the lack of effective filtering and escaping of user-supplied data by the Device Name parameter in the component Parent Controls Page,...

CVSS 4.8 • AI score 6.4 • EPSS 0.00279
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

TOTOLINK A3002RU MAC Filtering Page Component Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the MAC Filtering Page component parameter Comment, for...

CVSS 5.4 • AI score 6.6 • EPSS 0.00291
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

TOTOLINK A3002RU IP Port Filtering Page Component Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the IP Port Filtering Page component parameter Comment,...

CVSS 4.8 • AI score 6.4 • EPSS 0.00334
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Apache InLong Deserialization Vulnerability (CNVD-2025-12411)

Apache InLong is a one-stop massive data integration framework from the U.S. Apache Foundation. It provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 have a deserialization vulnerability; the vulnerability stems from the application in the...

CVSS 6.5 • AI score 7 • EPSS 0.00671
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 6 views

WordPress File Provider plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress File Provider plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker...

CVSS 9.8 • AI score 8 • EPSS 0.00475
Exploits: 3 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

WordPress Element Pack Pro plugin cross-site request forgery vulnerability

WordPress Element Pack Pro plugin is a WordPress editor plugin extension plugin that is mainly used to enhance and extend the functionality and design capabilities of WordPress websites. The WordPress Element Pack Pro plugin suffers from a cross-site request forgery vulnerability that stems from...

CVSS 4.3 • AI score 7 • EPSS 0.00121
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Mattermost Permission Issues Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a privilege issue vulnerability that stems from insufficient privilege validation, which can be exploited by an attacker to access team invitation IDs...

CVSS 5.3 • AI score 7 • EPSS 0.00265
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Fortinet FortiPortal Log Message Disclosure Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...

CVSS 2.7 • AI score 6.6 • EPSS 0.00209
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 4 views

Fortinet FortiOS Out-of-Bounds Read Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the U.S. company Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam and other security features. An out-of-bounds read vulnerabili...

CVSS 3.7 • AI score 6.9 • EPSS 0.00626
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 4 views

Fortinet FortiClientWindows Information Disclosure Vulnerability

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An information disclosure...

CVSS 3.7 • AI score 6.7 • EPSS 0.0045
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Dairy Farm Shop Management System /sales-report-details.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter fromdate/todate in the file...

CVSS 9.8 • AI score 8.3 • EPSS 0.00648
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 4 views

Dell PowerStore Trust Management Issues Vulnerabilities

Dell PowerStore is a scalable all-flash array storage from Dell USA. A trust management issue vulnerability exists in Dell PowerStore version 4.0.0.0, which stems from the use of hard-coded credentials and can be exploited by an attacker to cause unauthorized access...

CVSS 6.5 • AI score 6.9 • EPSS 0.00266
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2025-12296)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium has an information disclosure...

CVSS 6.5 • AI score 6.3 • EPSS 0.00294
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

IBM Cloud Pak for Security and IBM QRadar Suite Information Disclosure Vulnerabilities

IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. IBM QRadar Suite is an integrated security information and event management SIEM solution for...

CVSS 4 • AI score 6.2 • EPSS 0.00162
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

WordPress WP Extended plugin cross-site scripting vulnerability

WordPress WP Extended plugin is a powerful WordPress plugin designed to extend the core WordPress functionality with all the essential tools needed to manage a professional WordPress website. WordPress WP Extended plugin suffers from a cross-site scripting vulnerability that stems from the...

CVSS 6.4 • AI score 6.4 • EPSS 0.00244
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2025-12298)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

CVSS 5.3 • AI score 6.2 • EPSS 0.00294
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Fortinet FortiClientMAC Authorization Issue Vulnerability (CNVD-2025-12790)

Fortinet FortiClientMAC is a security tool for the macOS platform from the U.S. company Fortinet. Fortinet FortiClientMAC suffers from an authorization issue vulnerability that stems from improper authorization and can be exploited by an attacker to cause elevation of privilege via a specially...

CVSS 7.8 • AI score 7.1 • EPSS 0.00173
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

WordPress Smash Balloon Social Photo Feed plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Smash Balloon Social Photo Feed plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

CVSS 5.4 • AI score 6.4 • EPSS 0.00188
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

WordPress Bold Page Builder plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS 6.4 • AI score 6.4 • EPSS 0.00333
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Freescout Permission Issues Vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a privilege issue vulnerability that stems from improper checking of...

CVSS 8.1 • AI score 7 • EPSS 0.00406
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

WordPress Easy Digital Downloads plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Easy Digital Downloads plugin, which stems from the application's lack of effective filtering and escaping of...

CVSS 6.4 • AI score 6.4 • EPSS 0.00284
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

IBM Cloud Pak for Security and IBM QRadar Suite Code Injection Vulnerabilities

IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. IBM QRadar Suite is an integrated security information and event management SIEM solution for...

CVSS 7.2 • AI score 7.2 • EPSS 0.00536
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

IBM Security Guardium Information Disclosure Vulnerability (CNVD-2025-12297)

IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an information disclosur...

CVSS 4.3 • AI score 6.5 • EPSS 0.00249
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-321946)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.6
Exploits: 0

CNVD • added 2025/06/11 12:0 a.m. • 5 views

Unspecified Vulnerability in SAMSUNG Cloud for Galaxy Watch

SAMSUNG Cloud for Galaxy Watch is a data backup tool from Samsung South Korea. SAMSUNG Cloud for Galaxy Watch suffers from a security vulnerability that stems from improper default permissions, and no details of the vulnerability have been provided...

CVSS 6.8 • AI score 7.3 • EPSS 0.00124
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 6 views

Apache Tomcat Security Bypass Vulnerability (CNVD-2025-16619)

Apache Tomcat is a lightweight Web application server from the U.S. Apache Foundation, used to implement Servlet and JavaServer Page (JSP) support. A security bypass vulnerability exists in Apache Tomcat due to improper handling of a case-sensitive vulnerability in the GCI servle...

CVSS 7.3 • AI score 6.7 • EPSS 0.02608
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Delta Electronics CNCSoft Out-of-Bounds Write Vulnerability

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics China. An out-of-bounds write vulnerability exists in Delta Electronics CNCSoft, which can be exploited by an attacker to execute arbitrary code on the system...

CVSS 7.3 • AI score 8 • EPSS 0.00214
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

Apache InLong Security Bypass Vulnerability (CNVD-2026-00041)

Apache InLong is a one-stop massive data integration framework from the U.S. Apache Foundation. It provides automated, secure and reliable data transfer capabilities. Apache InLong suffers from a security bypass vulnerability, which is caused by an insecure deserialization flaw. An attacker exploi...

CVSS 6.5 • AI score 7 • EPSS 0.00671
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Traffic Offense Reporting System save-settings.php file cross-site scripting vulnerability

Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the sitename parameter in the save-settings.php file...

CVSS 5.4 • AI score 6.4 • EPSS 0.00268
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Dairy Farm Shop Management System /search-product.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter productname in the file...

CVSS 9.8 • AI score 7.8 • EPSS 0.00683
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Hospital Management System edit-patient.php file cross-site scripting vulnerability

Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the parameter patname in the file /doctor/edit-patient.php,...

CVSS 5.4 • AI score 4.1 • EPSS 0.00267
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Notice Board System forgot-password.php File SQL Injection Vulnerability

Notice Board System is a bulletin board system. The Notice Board System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the file /forgot-password.php parameter email. An attacker can exploit this vulnerability to execute...

CVSS 9.8 • AI score 7.9 • EPSS 0.00454
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 5 views

Esri Portal For ArcGis Cross-Site Request Forgery Vulnerability

Esri Portal For ArcGis is a core component of ArcGIS Enterprise that is used to share maps, scenes, applications, and geographic information within an organization, enabling centralized management of and access to the content through a web site. A cross-site request forgery vulnerability exists i...

CVSS 9.1 • AI score 6.8 • EPSS 0.00395
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

TOTOLINK A3002RU Virtual Server Page Component Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the Virtual Server Page component parameter servicetype...

CVSS 4.8 • AI score 6.4 • EPSS 0.00352
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

WordPress Broken Link Checker plugin unauthorized access vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Broken Link Checker plugin, which stems from a lack of a capability check that can be exploited by an attacker to...

CVSS 4.3 • AI score 6.8 • EPSS 0.00237
Exploits: 0 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Dairy Farm Shop Management System /profile.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber in the file...

CVSS 9.8 • AI score 7.9 • EPSS 0.0052
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Dairy Farm Shop Management System /bwdate-report-details.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the fromdate/todate parameter in the file /bwdate-report-details.php for externally...

CVSS 9.8 • AI score 7.9 • EPSS 0.0052
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Dairy Farm Shop Management System /add-company.php File SQL Injection Vulnerability

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter companyname in the file...

CVSS 9.8 • AI score 7.9 • EPSS 0.00498
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Rail Pass Management System /download-pass.php File SQL Injection Vulnerability

Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /download-pass.php. An attacker can...

CVSS 9.8 • AI score 8.3 • EPSS 0.00402
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Curfew e-Pass Management System /index.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. The Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /index.php. An attacker can...

CVSS 9.8 • AI score 8.3 • EPSS 0.00399
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Curfew e-Pass Management System /admin/view-pass-detail.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter viewid in file /admin/view-pass-detail.php. An...

CVSS 9.8 • AI score 8.3 • EPSS 0.00399
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Curfew e-Pass Management System /admin/edit-category-detail.php File SQL Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-category-detail.ph...

CVSS 9.8 • AI score 8.3 • EPSS 0.00399
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 3 views

NETGEAR WNR614 Improper Authentication Vulnerability

The NETGEAR WNR614 is a wireless router for home and small office environments with basic network management features and 150Mbps wireless transmission performance. The NETGEAR WNR614 suffers from an improper authentication vulnerability that originates from an input to currentsetting.htm, which...

CVSS 9.8 • AI score 7 • EPSS 0.00805
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Freescout set function deserialization vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the fact that through t...

CVSS 8.6 • AI score 8 • EPSS 0.00787
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 2 views

Freescout String Formatting Vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a string formatting vulnerability that stems from insufficient validati...

CVSS 7 • AI score 6.9 • EPSS 0.00333
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 1 view

Auto Taxi Stand Management System SQL Injection Vulnerability

Auto Taxi Stand Management System is an auto cab stand management system. Auto Taxi Stand Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter searchdata. An attacker can exploit this vulnerability ...

CVSS 9.8 • AI score 8.1 • EPSS 0.00448
Exploits: 1 • References: 1

CNVD • added 2025/06/11 12:0 a.m. • 4 views

Delta Electronics CNCSoft out-of-bounds write vulnerability (CNVD-2025-12363)

Delta Electronics CNCSoft is a CNC machine simulation system software from Delta Electronics China. Delta Electronics CNCSoft suffers from an out-of-bounds write vulnerability, which could be exploited by an attacker to cause arbitrary code to be executed in the current process environment...

CVSS 7.3 • AI score 7.6 • EPSS 0.00202
Exploits: 0 • References: 1

Total number of security vulnerabilities: 130931