WordPress Nika plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Nika plugin that stems from a failure to effectively filter local file resource calls, which can be exploited by an...
WordPress PowerPack Pro for Elementor plugin missing authorization vulnerability
WordPress PowerPack Pro for Elementor plugin is an Elementor page builder extension plugin designed for the WordPress platform. A lack of authorization vulnerability exists in WordPress PowerPack Pro for Elementor plugin, which can be exploited by an attacker to leverage a misconfigured access...
WordPress Premium Addons for Elementor Plugin Information Disclosure Vulnerability
WordPress Premium Addons for Elementor Plugin is a premium extension plugin developed for the Elementor page builder designed for WordPress websites. WordPress Premium Addons for Elementor Plugin suffers from an information disclosure vulnerability that stems from the exposure of sensitive system...
WordPress Prime Slider - Addons For Elementor plugin server-side request forgery vulnerability
WordPress Prime Slider - Addons For Elementor plugin is a free plugin for Elementor page builder designed to help users easily create various interactive responsive sliders. The WordPress Prime Slider - Addons For Elementor plugin suffers from a server-side request forgery vulnerability, which...
WordPress 6Storage Rentals plugin server-side request forgery vulnerability
WordPress 6Storage Rentals plugin is a plugin for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...
WordPress Basticom Framework plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Basticom Framework plugin has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...
WordPress Draft Notify plugin cross-site scripting vulnerability
WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
WordPress Gift Hunt plugin cross-site scripting vulnerability
WordPress Gift Hunt plugin is a plugin for creating interactive scavenger hunts on WordPress websites. The WordPress Gift Hunt plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
WordPress H5P plugin missing authorization vulnerability
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
WordPress Icegram Express Pro plugin deserialization vulnerability
WordPress Icegram Express Pro plugin is an advanced email marketing automation tool designed for WordPress websites. WordPress Icegram Express Pro plugin suffers from a deserialization vulnerability that stems from unsafe deserialization of serialized data received by the application from users,...
WordPress Review Disclaimer plugin cross-site scripting vulnerability
The WordPress Review Disclaimer plugin is a tool for quickly inserting product or service review disclaimers on WordPress websites. The WordPress Review Disclaimer plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
WordPress Tablesome plugin missing authorization vulnerability
WordPress Tablesome plugin is a feature-rich WordPress tables plugin that is mainly used to create responsive data tables and integrate multiple data sources. A lack of authorization vulnerability exists in WordPress Tablesome plugin, which can be exploited by an attacker to cause the exploitatio...
WordPress Tablesome plugin information disclosure vulnerability
WordPress Tablesome plugin is a feature-rich WordPress tables plugin that is mainly used to create responsive data tables and integrate multiple data sources. WordPress Tablesome plugin suffers from an information disclosure vulnerability that originates from inserting sensitive information into...
WordPress User Feedback plugin SQL Injection Vulnerability
WordPress User Feedback plugin is a tool designed for WordPress websites to create and manage user feedback forms, surveys and contact forms. WordPress User Feedback plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL...
WordPress HAPPY plugin missing authorization vulnerability
WordPress HAPPY plugin is a feature extension plugin for Elementor page builder. A lack of authorization vulnerability exists in WordPress HAPPY plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...
WordPress Hostel plugin cross-site scripting vulnerability
WordPress Hostel plugin refers to a plugin designed specifically for WordPress websites. WordPress Hostel plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...
WordPress Brands for WooCommerce Plugin SQL Injection Vulnerability
WordPress Brands for WooCommerce Plugin is a category of plugins for WordPress websites that specialize in helping WooCommerce online stores manage product brands. WordPress Brands for WooCommerce Plugin suffers from a SQL injection vulnerability that stems from the application's lack of validati...
WordPress Gravity Forms plugin file upload vulnerability
WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...
WordPress Brave plugin missing authorization vulnerability
WordPress Brave plugin by Brave Software develops Brave Browser Extensions for WordPress integration. A lack of authorization vulnerability exists in the WordPress Brave plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...
WordPress Greenhouse Job Board plugin cross-site scripting vulnerability
The WordPress Greenhouse Job Board plugin is a tool for integrating job listings from the Greenhouse.io recruiting platform into your WordPress site. The WordPress Greenhouse Job Board plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress Chakra test plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Chakra test plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access contr...
WordPress Eight Day Week Print Workflow plugin Information Disclosure Vulnerability
WordPress Eight Day Week Print Workflow plugin is a tool designed for news organizations or publishing teams. The WordPress Eight Day Week Print Workflow plugin suffers from an information disclosure vulnerability that originates from allowing an unauthorized control field to retrieve embedded...
WordPress Evergreen Post Tweeter plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Evergreen Post Tweeter plugin suffers from a cross-site request forgery vulnerability that stems from the application's lack of effective filtering and escaping of...
Orangescrum Elevation of Privilege Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an elevation of privilege vulnerability, which stems from the application's failure to effectively verify the source of requests ...
CMSimple_XH Code Execution Vulnerability
CMSimple_XH is a PHP-based content management system derived from the original CMSimple project as an offshoot version. CMSimple_XH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...
Orangescrum SQL Injection Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...
Orangescrum Cross-Site Scripting Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
UTT Progressive 512W buffer overflow vulnerability (CNVD-2026-0079375)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses, SOHO and similarly sized network environments, for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...
CMSimple File Inclusion Vulnerability
CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...
UTT Progressive 512W buffer overflow vulnerability (CNVD-2026-0079178)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses, SOHO and similarly sized network environments, for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1206330)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
IBM Concert Improper Heap Memory Cleanup Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBM Think conference in Boston, USA. IBM Concert suffers from an improper heap memory cleanup vulnerability that can be...
CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
CMSimple Code Execution Vulnerability
CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...
NVIDIA Isaac Launchable Trust Management Issue Vulnerability
NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a trust management issue vulnerability that stems from improperly protected credentials...
CMSimple Cross-Site Scripting Vulnerability
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...
UTT Progressive 512W Buffer Overflow Vulnerability
The UTT Progressive 512W is an enterprise-grade wireless router designed for small office or home office (SOHO) environments, for network scenarios with up to 50 people. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates from the incorrect operation of the strcpy...
UTT Progressive 512W buffer overflow vulnerability (CNVD-2026-0079277)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses, SOHO and similarly sized network environments, for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...
NVIDIA Isaac Launchable Arbitrary Code Execution Vulnerability
NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a security vulnerability that stems from improper design and can be exploited by remote...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1203509)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
WordPress Vimeotheque Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no details are currently available...
WordPress Fast User Switching Cross-Site Request Forgery Vulnerability
Fast User Switching is a plugin that allows site administrators to quickly switch between different user accounts, operating directly from the WordPress admin toolbar. WordPress Fast User Switching suffers from a cross-site request forgery vulnerability, and no details of the vulnerability are...
WordPress Funnelforms Free Missing Authorization Vulnerability
Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...
WordPress My auctions allegro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress My auctions allegro, which stems from improper input neutralization, and no details are provided ...
WordPress WpStream Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress WpStream, which can be exploited by an attacker to leverage a misconfigured access control security level...
WordPress Spiffy Calendar Missing Authorization Vulnerability
WordPress Spiffy Calendar is a WordPress calendar plugin focused on helping users manage and display events. A lack of authorization vulnerability exists in WordPress Spiffy Calendar, which can be exploited by an attacker to leverage a misconfigured access control security level...
WordPress Category Icon Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Category Icon, which stems from improper input neutralization during page generation; no detailed vulnerability details...
Kentico Xperience Access Control Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an access control bypass vulnerability that can be exploited by an attacker to cause an account takeover...
Apple macOS Information Disclosure Vulnerability (CNVD-2026-16059)
Apple macOS is an operating system from the American company Apple. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to gain access to sensitive user data...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11781)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in...