130931 matches found

CNVD • added 2026/01/14 12:00 a.m. • 3 views

Complete Online Beauty Parlor Management System /search-invoices.php File Cross-Site Scripting Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...

CVSS 4.8 • AI score 5.8 • EPSS 0.00198
Exploits: 1 • References: 1

CNVD • added 2026/01/14 12:00 a.m. • 2 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from...

CVSS 6.2 • AI score 5.9 • EPSS 0.00082
Exploits: 0 • References: 1

CNVD • added 2026/01/14 12:00 a.m. • 4 views

Delta Electronics DVP-12SE11T Improper Input Validation Vulnerability

Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a denial of service...

CVSS 7.5 • AI score 6 • EPSS 0.00277
Exploits: 0

CNVD • added 2026/01/14 12:00 a.m. • 2 views

Delta Electronics DVP15MC11T Denial of Service Vulnerability

The Delta Electronics DVP15MC11T is a multi-axis motion controller from Delta Electronics China. A denial of service vulnerability exists in the Delta Electronics DVP15MC11T, which stems from improper validation of modbus/tcp packets and can be exploited by an attacker to cause a denial of servic...

CVSS 7.5 • AI score 5.7 • EPSS 0.00192
Exploits: 0

CNVD • added 2026/01/14 12:00 a.m. • 5 views

Tenda M3 /goform/setInternetLanInfo File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a heap buffer overflow vulnerability that stems from the file /goform/setInternetLanInfo function...

CVSS 9 • AI score 6.1 • EPSS 0.02475
Exploits: 1 • References: 1

CNVD • added 2026/01/14 12:00 a.m. • 3 views

Refugee Food Management System SQL Injection Vulnerability

Refugee Food Management System is a refugee food management system. Refugee Food Management System suffers from a SQL injection vulnerability that stems from the incorrect manipulation of parameter a in the file /home/addusers.php; no details of the vulnerability are available at this time...

CVSS 9.8 • AI score 5.9 • EPSS 0.00326
Exploits: 1 • References: 1

CNVD • added 2026/01/14 12:00 a.m. • 3 views

Delta Electronics DVP-12SE11T Out-of-Bounds Write Vulnerability

Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T is vulnerable to an out-of-bounds write vulnerability; no details of the vulnerability are available at this time...

CVSS 9.8 • AI score 6 • EPSS 0.00288
Exploits: 0

CNVD • added 2026/01/14 12:00 a.m. • 4 views

D-Link DWR-M920 sub_423848 function buffer overflow vulnerability

The D-Link DWR-M920 is a 4G LTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub_423848 in the file /boafrm/formParentControl, for which no...

CVSS 9 • AI score 6 • EPSS 0.00693
Exploits: 1 • References: 1

CNVD • added 2026/01/14 12:00 a.m. • 4 views

IBM Concert Competitive Conditions Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from a competitive condition vulnerability that stems from a...

CVSS 7.7 • AI score 5.9 • EPSS 0.00117
Exploits: 0 • References: 1

CNVD • added 2026/01/12 12:00 a.m. • 1 view

TRENDnet TEW-822DRE Command Injection Vulnerability

The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...

CVSS 8.8 • AI score 6.8 • EPSS 0.1177
Exploits: 1 • References: 1

CNVD • added 2026/01/12 12:00 a.m. • 1 view

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the function subF934 in the file NTPSyncWithHost.cgi, which can be exploited by an attacker to execute arbitrary command...

CVSS 9 • AI score 7.6 • EPSS 0.10346
Exploits: 1

CNVD • added 2026/01/12 12:00 a.m. • 5 views

TRENDnet TEW-800MB Command Injection Vulnerability

The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the parameter WizardConfigured in the file /goform/wizardset, which can be exploited by an attacker to execute arbitrary...

CVSS 9 • AI score 7.4 • EPSS 0.09753
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 2 views

JeecgBoot getParameterMap function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of the parameter departI...

CVSS 3.1 • AI score 5.9 • EPSS 0.0027
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 3 views

Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06108)

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing Word files without...

CVSS 7.8 • AI score 6.5 • EPSS 0.00177
Exploits: 0 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 8 views

JeecgBoot queryPageList function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of parameter deptId in t...

CVSS 3.1 • AI score 5.9 • EPSS 0.00237
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 2 views

Soda PDF Desktop Out-of-Bounds Read Vulnerability

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop has an out-of-bounds read vulnerability that stems from a lack of validation of user-supplied data when parsing PDF files, which can be...

CVSS 5.5 • AI score 5.9 • EPSS 0.00146
Exploits: 0 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 2 views

Soda PDF Desktop Code Execution Vulnerability (CNVD-2026-06110)

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop suffers from a code execution vulnerability that stems from allowing dangerous scripts to be executed when processing XLS files without us...

CVSS 7.8 • AI score 6.5 • EPSS 0.00165
Exploits: 0 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 2 views

JeecgBoot getDeptRoleByUserId function information leakage vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an information disclosure vulnerability, which originates from a misbehavior of the parameter...

CVSS 4.9 • AI score 5.9 • EPSS 0.00429
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 5 views

JeecgBoot /datarule file authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an authorization issue vulnerability that stems from improper authorization in the file...

CVSS 3.1 • AI score 5.9 • EPSS 0.0027
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 4 views

JeecgBoot getDeptRoleList function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an authorization issue vulnerability, which stems from improper authorization of the parameter...

CVSS 3.1 • AI score 5.9 • EPSS 0.0028
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 4 views

Google Chrome Insufficient Policy Enforcement Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an Insufficient Policy Enforcement vulnerability, which stems from a failure to strictly enforce established security policy constraints when handling WebView tags, resulting in some high-privilege pages not being...

CVSS 8.8 • AI score 6 • EPSS 0.06545
Exploits: 2 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 3 views

Soda PDF Desktop Code Execution Vulnerability

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. A code execution vulnerability exists in Soda PDF Desktop, which stems from the implementation of a Launch action that allows the execution of dangerous...

CVSS 7.8 • AI score 6.5 • EPSS 0.00209
Exploits: 0 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 1 view

JeecgBoot loadDatarule function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an authorization issue vulnerability that originates from improper authorization of the function...

CVSS 3.1 • AI score 5.9 • EPSS 0.0027
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 7 views

ComfyUI-Manager CRLF Injection Vulnerability

ComfyUI is a popular node-based Stable Diffusion GUI widely used for building and executing AI image generation workflows. ComfyUI-Manager is an extension manager plugin for ComfyUI to simplify the management of installations of custom nodes, models and dependencies. ComfyUI-Manager suffers from a...

AI score 6.3
Exploits: 0 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 5 views

JeecgBoot queryDepartPermission function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of parameter departId in...

CVSS 3.1 • AI score 5.9 • EPSS 0.0027
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 3 views

JeecgBoot getPositionUserList function authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot suffers from an authorization issue vulnerability that stems from improper authorization of the...

CVSS 7.5 • AI score 5.9 • EPSS 0.00334
Exploits: 1 • References: 1

CNVD • added 2026/01/09 12:00 a.m. • 3 views

TinyFileManager Path Traversal Vulnerability

TinyFileManager is a web-based file manager. It is used to store, upload, edit and manage files and folders online through a web browser. TinyFileManager has a path traversal vulnerability that stems from the parameter fullpath in the file tinyfilemanager.php failing to correctly filter special...

CVSS 7.2 • AI score 5.8 • EPSS 0.00557
Exploits: 1

CNVD • added 2026/01/08 12:00 a.m. • 2 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2026-35542)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits: 0

CNVD • added 2026/01/07 12:00 a.m. • 1 view

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2026-33516)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits: 0

CNVD • added 2026/01/06 12:00 a.m. • 3 views

Tenda M3 /goform/exeCommand File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the wrong operation of the parameter cmdinput in the file...

CVSS 9 • AI score 6.4 • EPSS 0.00632
Exploits: 1 • References: 1

CNVD • added 2026/01/06 12:00 a.m. • 3 views

Tenda M3 /goform/setAdInfoDetail File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a heap buffer overflow vulnerability that stems from the parameter...

CVSS 9 • AI score 6.3 • EPSS 0.00632
Exploits: 1 • References: 1

CNVD • added 2026/01/06 12:00 a.m. • 2 views

Tenda M3 /goform/setVlanInfo File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the incorrect operation of the parameters ID, vlan and port in...

CVSS 9 • AI score 6.3 • EPSS 0.00632
Exploits: 1 • References: 1

CNVD • added 2026/01/06 12:00 a.m. • 4 views

Tenda M3 /goform/setAdPushInfo File Stack Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability that stems from the incorrect operation of the parameter mac/terminal in the...

CVSS 9 • AI score 6.3 • EPSS 0.00632
Exploits: 1 • References: 1

CNVD • added 2026/01/04 12:00 a.m. • 1 view

Command Execution Vulnerability in U8 Cloud of UFIDA Network Technology Corporation (CNVD-C-2026-26052)

U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A command execution vulnerability exists in UFIDA U8 Cloud, which can be...

AI score 6.1
Exploits: 0

CNVD • added 2025/12/31 12:00 a.m. • 5 views

SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)

U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...

AI score 5.9
Exploits: 0

CNVD • added 2025/12/31 12:00 a.m. • 3 views

College Notes Uploading System /login.php File SQL Injection Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System suffers from a SQL injection vulnerability that originates from the mishandling of the User parameter operation by an unknown handler function in the /login.php file. An attacker can use this...

CVSS 9.8 • AI score 7.7 • EPSS 0.00333
Exploits: 1 • References: 1

CNVD • added 2025/12/31 12:00 a.m. • 6 views

College Notes Uploading System Code Issue Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System has a code issue vulnerability that stems from an unknown function in the /dashboard/userprofile.php file that mishandles the image parameter. An attacker can exploit this vulnerability to upload...

CVSS 8.8 • AI score 6.7 • EPSS 0.00238
Exploits: 0 • References: 1

CNVD • added 2025/12/31 12:00 a.m. • 7 views

WordPress PixelYourSite Information Disclosure Vulnerability

WordPress PixelYourSite is a tracking plugin that supports WordPress business owners. WordPress PixelYourSite suffers from an information disclosure vulnerability that stems from a lack of protection for publicly exposed log files when the Meta API logging setting is enabled (disabled by default)...

CVSS 5.3 • AI score 6.2 • EPSS 0.0038
Exploits: 0 • References: 1

CNVD • added 2025/12/31 12:00 a.m. • 6 views

WordPress Advanced Ads Code Execution Vulnerability

WordPress Advanced Ads is an ad management plugin for WordPress designed to help website owners manage, optimize, and monetize their websites efficiently. WordPress Advanced Ads suffers from a code execution vulnerability that arises due to insufficient validation of user input by the...

CVSS 7.2 • AI score 7.8 • EPSS 0.00764
Exploits: 0 • References: 1

CNVD • added 2025/12/31 12:00 a.m. • 5 views

Student File Management System download.php File SQL Injection Vulnerability

Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System due to mishandling of the istoreid parameter by an unknown function module in the /download.php file. An attacker can use this vulnerability to obtain or tamp...

CVSS 8.8 • AI score 6.8 • EPSS 0.00301
Exploits: 1 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 3 views

WordPress Docket Cache plugin file inclusion vulnerability

WordPress Docket Cache plugin is a tool that focuses on object caching acceleration to improve website performance. A file inclusion vulnerability exists in WordPress Docket Cache plugin, which stems from not effectively filtering calls to local file resources, and can be exploited by an attacker...

CVSS 9.8 • AI score 6.5 • EPSS 0.00412
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 2 views

Command Execution Vulnerability in RG-EST350 V2 of Beijing StarNet Ruijie Network Technology Co.

Ruijie EST350-V2 is a wireless outdoor bridge product supporting 802.11ac protocol, which is designed for the business of video transmission or data transmission in the scenarios of tower crane, factory, scenic spot, park, planting base, fishpond aquaculture base, construction site, etc. Ruijie...

AI score 6
Exploits: 0

CNVD • added 2025/12/30 12:00 a.m. • 3 views

WordPress WC Builder Cross-Site Scripting Vulnerability

WordPress WC Builder is a WooCommerce page builder designed for WordPress websites. A cross-site scripting vulnerability exists in WordPress WC Builder that stems from improper input neutralization during page generation, and no detailed vulnerability details are provided at this time...

CVSS 5.4 • AI score 5.7 • EPSS 0.00139
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 5 views

WordPress User Submitted Posts plugin open to redirection vulnerability

WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...

CVSS 6.1 • AI score 6.8 • EPSS 0.00475
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 4 views

WordPress Real 3D FlipBook plugin cross-site scripting vulnerability

WordPress Real 3D FlipBook plugin is a plugin for WordPress website, which uses WebGL technology to convert PDF files or images into flipbook animations with realistic 3D effects, simulating the page turning experience of a real book, including page bending, light and shadow and shadow effects...

CVSS 5.4 • AI score 6.3 • EPSS 0.00139
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 3 views

WordPress Diza plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Diza plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

CVSS 7.5 • AI score 6.7 • EPSS 0.00331
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 4 views

WordPress AutomatorWP plugin SQL injection vulnerability

WordPress AutomatorWP plugin is an open source automation plugin designed for WordPress that allows users to connect different WordPress plugins, sites and applications in a code-free way to create automated workflows. WordPress AutomatorWP plugin suffers from a SQL injection vulnerability that...

CVSS 7.6 • AI score 8.2 • EPSS 0.00231
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 3 views

WordPress Bold Timeline Lite plugin cross-site scripting vulnerability

WordPress Bold Timeline Lite plugin is a free plugin designed for creating dynamic timeline content on WordPress websites. The WordPress Bold Timeline Lite plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS 5.4 • AI score 6.1 • EPSS 0.00135
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 4 views

WordPress Astra Widgets plugin cross-site scripting vulnerability

WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

CVSS 5.4 • AI score 6.1 • EPSS 0.00298
Exploits: 0 • References: 1

CNVD • added 2025/12/30 12:00 a.m. • 3 views

WordPress Membership For WooCommerce plugin authorization bypass vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An authorization bypass vulnerability exists in the WordPress Membership For WooCommerce plugin that originates from an authorization bypass via a user-controlled key, which can...

CVSS 8.1 • AI score 6.6 • EPSS 0.00327
Exploits: 0 • References: 1

Total number of security vulnerabilities: 130931