130931 matches found
Intern Membership Management System /add_activity.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/add_activity.php for externally entered SQL...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the failure of the serviceName2 parameter in the fromAdvSetMacMtuWan function to proper...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the mac2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate th...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the cloneType2 parameter in the fromAdvSetMacMtuWan function failing to properly valida...
WordPress WP-Members Membership plugin cross-site scripting vulnerability
WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
Microsoft Excel Access Control Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain features...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-08746)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...
WordPress Stopwords for comments plugin cross-site request forgery vulnerability
The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words, i.e. "stopwords". The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...
Microsoft Graphics Component Resource Management Error Vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker could exploit this vulnerability to gain elevated privileges...
WordPress Sosh Share Buttons plugin cross-site request forgery vulnerability
WordPress Sosh Share Buttons plugin is a social media sharing plugin for WordPress websites. WordPress Sosh Share Buttons plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the adminpagecontent function, no details of the...
WordPress SocialChamp with WordPress plugin cross-site request forgery vulnerability
WordPress SocialChamp with WordPress plugin is a plugin called SocialChamp which focuses on social media automation management. WordPress SocialChamp with WordPress plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the...
WordPress Shipping Rate By Cities plugin SQL Injection Vulnerability
WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from insufficient escaping and preparation of the city parameter, which can be exploit...
WordPress SearchWiz plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress SearchWiz plugin that stems from the use of esc_attr instead of esc_html to output post titles in search results, whic...
WordPress LinkedIn SC plugin cross-site scripting vulnerability
WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...
WordPress Internal Link Builder plugin cross-site scripting vulnerability
WordPress Internal Link Builder plugin is a tool used to help webmasters create internal links on WordPress sites. WordPress Internal Link Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress Gotham Block Extra Light plugin path traversal vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. A path traversal vulnerability exists in the WordPress Gotham Block Extra Light plugin, which stems from the mishandling of the ghostban shortcode, and...
WordPress Gotham Block Extra Light plugin cross-site scripting vulnerability
The WordPress Gotham Block Extra Light plugin is a tool for detecting if ad blocking software such as AdBlock is enabled in a visitor's browser. The WordPress Gotham Block Extra Light plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress GetContentFromURL plugin server-side request forgery vulnerability
The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...
WordPress AJS Footnotes plugin cross-site scripting vulnerability
WordPress AJS Footnotes plugin is a plugin for WordPress designed to add aesthetically pleasing footnote features to posts or pages. The WordPress AJS Footnotes plugin suffers from a cross-site scripting vulnerability that stems from the lack of valid filtering and escaping of notelistclass and...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the mac parameter of the sub_65B5C function failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...
Tenda AX1806 sub_65A28 function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the serviceName parameter of the sub_65A28 function failing to properly validate the length size of the input data, which can be exploited by an attacke...
GPAC vobsub_get_subpic_duration function buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a buffer overflow vulnerability that stems from the vobsub_get_subpic_duration function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC pcmreframe_flush_packet function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC has a stack buffer overflow vulnerability that stems from the pcmreframe_flush_packet function failing to properly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC ghi_dmx_declare_opid_bin function heap buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a heap buffer overflow vulnerability that stems from the ghi_dmx_declare_opid_bin function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
GPAC Stack Buffer Overflow Vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the dmxsaf function failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of service...
Cyber Cafe Management System add-users.php Endpoint SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the username parameter of the add-users.php endpoint not adequately validating user input, no details of the vulnerability are available at...
Cyber Cafe Management System adminprofile.php Endpoint SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the adminprofile.php endpoint's adminname parameter not being sufficiently cleaned of user input, no details of the vulnerability are availab...
WordPress Float Payment Gateway plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...
WordPress Aplazo Payment Gateway plugin missing privileges vulnerability
WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10674)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Huawei HarmonyOS Card Framework Module Multi-threaded Race Condition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded race condition vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause availabili...
GPAC vorbis_to_intern function stack buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the vorbis_to_intern function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10679)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability (CNVD-2026-10873)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
Microsoft Windows File Explorer Information Disclosure Vulnerability
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2026-18590)
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. The Dell PowerProtect Data Domain suffers from an operating system command injection vulnerability that originates from improper...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)
Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
WordPress Testimonials Creator plugin cross-site scripting vulnerability
WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...
Microsoft Windows Management Services Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Management Services due to concurrent execution in Management Services using shared resources with incorrect...
Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CNVD-2026-17152)
Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Windows Ancillary Function Driver for WinSock, which is caused by freeing memory in the WinSock Ancillary Function...
Wondershare Dr. Fone Code Issue Vulnerability
Wondershare Dr. Fone is a one-stop solution for cell phones from China's Wanxing Wondershare. A code issue vulnerability exists in Wondershare Dr. Fone, which stems from an unquoted service path that can be exploited by an attacker to cause a local user to execute arbitrary code and elevate syste...
TRENDnet TEW-811DRU Operating System Command Injection Vulnerability
The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...
Microsoft Windows SMB Server Elevation of Privilege Vulnerability (CNVD-2026-10678)
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. An elevation of privilege vulnerability exists in Microsoft Windows SMB Server due to...
Tenda AX1806 sub_65B5C function stack buffer overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda China. The Tenda AX1806 suffers from a stack buffer overflow vulnerability that stems from the sub_65B5C function's wanSpeed parameter failing to properly validate the length size of the input data, which can be exploited by an attacker to cau...
WordPress Uploadify plugin code issue vulnerability
WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10673)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Mozilla Firefox and Mozilla Thunderbird have undisclosed vulnerabilities (CNVD-2026-23772)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
Multiple Mozilla products have deception vulnerabilities (CNVD-2026-23776)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have deceptive vulnerabilities, which are...
Siemens Industrial Edge Devices authorization bypass vulnerability
Siemens Industrial Edge Devices are a series of industrial edge devices developed by the German company Siemens, used for on-site data processing and intelligent control. Siemens Industrial Edge Devices have a vulnerability related to authorization bypassing. This vulnerability stems from imprope...
Mozilla Firefox and Mozilla Thunderbird information leakage vulnerabilities (CNVD-2026-23770)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...