130931 matches found
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...
Apache Fineract Information Disclosure Vulnerability
Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an informatio...
Student File Management System /save_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file /admin/savestudent.php. An attacker...
Kentico Xperience Information Disclosure Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that originates in the Live Site Part Properties dialog box that could disclose sensitive system objects and can be exploited by an attacker to cause unauthorize...
Kentico Xperience File Upload Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a file upload vulnerability that stems from a lack of valid validation of uploaded files in the MVC form file upload component. The vulnerability can be exploited to remotely execute arbitrary code by...
Kentico Xperience HTML Injection Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...
Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05123)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05121)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05119)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause the theft of sensitive data by executing a malicious script in a user's browser...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04265)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Unspecified vulnerability in Kentico Xperience (CNVD-2026-04264)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...
ChurchCRM Event Participant Editor SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the View Active People, View Inactive People, and View All People pages, which can be exploited b...
ChurchCRM UserEditor.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...
ChurchCRM Code Execution Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
ChurchCRM Access Control Error Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from an access control error vulnerability that stems from an access control flaw in the allowRegistration, acceptKiosk, reloadKiosk, and identifyKiosk functions of the Kiosk Manager function, which can be exploited by an...
ChurchCRM ListEvents.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the WhichType parameter in the src/ListEvents.php file. No details of the vulnerability are provided at this ti...
ChurchCRM CartToFamily.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the PersonAddress parameter in the src/CartToFamily.php file. No details of the vulnerability are provided at...
ChurchCRM eGive.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the MissingEgiveFamID parameter in the eGive.php file. No detailed vulnerability details are provided at this...
ChurchCRM GroupEditor.php Page Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the GroupEditor.php page, which can be exploited by an attacker to execute arbitrary Web script or HTML by...
Unspecified Vulnerability in RiteCMS
RiteCMS is an open source content management system based on php and sqlite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No detailed vulnerability details are provided at this time...
RiteCMS File Containment Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...
Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...
NVIDIA Nemo Framework Code Issue Vulnerability (CNVD-2026-1237200)
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA NeMo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, denial of service, and data tampering...
NVIDIA Nemo Framework Code Issue Vulnerability
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA Nemo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, information disclosure, and data tampering...
WordPress Plugin MasterStudy LMS Pro Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS Pro. The...
WordPress plugin Follow My Blog Post interest leakage vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Follow My Blog Post, whi...
WordPress Plugin Restaurant Menu by MotoPress Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Restaurant Menu by...
WordPress Plugin Ultimate Member Widgets for Elementor Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Ultimate Member Widgets...
WordPress Plugin VikBooking Hotel Booking Engine & PMS Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin VikBooking Hotel Booking...
Computer Laboratory System File Upload Vulnerability
Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from a misbehavior of the parameter image in the file technicalstaffpic.php, which can be exploited by an attacker to cause an arbitrary file upload...
Online Appointment Booking System deletemanager.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter managername in the file /admin/deletemanager.ph...
Prison Management System search1.php File SQL Injection Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search1.php. An attacker can exploit this...
Student File Management System stud_no Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file loginquery.php. An attacker can...
Student File Management System update_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...
Student File Management System user_id Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/updateuser.php. An attacker ca...
Student File Management System Cross-Site Scripting Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/updatestudent.php, which can be exploited by a...
Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...
Kentico Xperience SQL Injection Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...
Student File Management System login_query.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /admin/loginquery.php. An...
Scholars Tracking System delete_user.php File SQL Injection Vulnerability
Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...
WordPress Plugin Appointment Booking Calendar Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Appointment Booking...
Prison Management System search.php File SQL Injection Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...
ChurchCRM Information Disclosure Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2026-00010)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to perform spoofing attacks...
Microsoft Azure Cognitive Service for Language Elevation of Privilege Vulnerability
Microsoft Azure Cognitive Service for Language is a cloud-based natural language processing service from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Azure Cognitive Service for Language, which is caused by a flaw in a customized question and answer. An attacker coul...