ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...
RiteCMS Cross-Site Request Forgery Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS has a cross-site request forgery vulnerability that stems from the page creation and editing functions not adequately verifying whether the request comes from a trusted user; an attacker can use thi...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05124)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via an error message containing a specially crafted object name...
ChurchCRM Privilege Elevation Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM suffers from an elevation of privilege vulnerability that stems from the application not properly implementing an access control mechanism that directly references data transmitted from the client as an object, no details of the...
WordPress Plugin myCred Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. The WordPress plugin myCred has an information disclosure vulnerability that stems fr...
Online Appointment Booking System clinic parameter SQL injection vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file...
Apache Fineract Security Bypass Vulnerability
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from a security...
Apache Fineract Information Disclosure Vulnerability (CNVD-2026-00006)
Apache Fineract is an open source digital financial services platform from the U.S. Apache Foundation. The platform provides data management, loan and savings portfolio management, real-time financial data and other functions. Apache Fineract suffers from an...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0535400)
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient sanitization and encoding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...
UTT Progressive 512W Memory Corruption Vulnerability
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progress 512W suffers from a memory corruption vulnerability that originates...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...
Complete Online Beauty Parlor Management System /bwdates-reports-details.php file cross-site scripting vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Information Disclosure Vulnerability (CNVD-2026-04247)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04261)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Student File Management System save_user.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/save_user.php. An...
Kentico Xperience Information Disclosure Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by an attacker to cause exposure of internal network details...
Student File Management System /delete_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentid in the file /admin/delete_student.php. An...
Kentico Xperience Email Marketing Template Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...
Kentico Xperience Security Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A security bypass vulnerability exists in Kentico Xperience, which can be exploited by an attacker to cause a compromise of session security and authentication state...
Microsoft Azure Cosmos DB Spoofing Vulnerability
Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)
Apache Airflow is an open source platform from the U.S. Apache Foundation for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
Kentico Xperience Denial of Service Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
Apache HugeGraph-Server Deserialization Vulnerability
Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...
RiteCMS Improper Access Control Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...
Apache StreamPark Weak Algorithm Vulnerability
Apache StreamPark is a streaming media application development framework from the U.S. Apache Foundation. Apache StreamPark suffers from a weak algorithm vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...
RiteCMS Code Execution Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS has a code execution vulnerability that stems from a flaw in the parsespecialtags function, which can be exploited by an attacker to cause remote code execution...
Unspecified vulnerability in Kentico Xperience (CNVD-2026-04263)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a security vulnerability that can be exploited by an attacker to cause sensitive information to be exposed to an external domain...
Apache StreamPark Security Bypass Vulnerability
Apache StreamPark is a streaming media application development framework from the U.S. Apache Foundation. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...
Kentico Xperience Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via a form redirect URL configuration...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...
Advantech WebAccess/SCADA Directory Traversal Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Command Injection Vulnerability in TOTOLINK N200RE setOpModeCfg
The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a command injection of hostName in setOpModeCfg. No details of the vulnerability are provided at this time...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11783)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Advantech WebAccess/SCADA Code Issue Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...
WordPress FileBird Pro plugin missing authorization vulnerability
WordPress FileBird Pro plugin is a media library management plugin for WordPress websites designed to help users organize and manipulate media files more efficiently. A missing authorization vulnerability exists in WordPress FileBird Pro plugin, which can be exploited by an attacker to leverage a...
WordPress Fancy Product Designer plugin information disclosure vulnerability
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability that stems from the url...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-1134083)
Beijing Divine Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
WordPress FAPI Member plugin authorization bypass vulnerability
The FAPI Member plugin is a tool for connecting and integrating the FAPIMember service with WordPress sites. An authorization bypass vulnerability exists in the WordPress FAPI Member plugin, which stems from a user control key bypassing authorization, and can be exploited by an attacker to levera...
WordPress Events Manager Plugin Information Disclosure Vulnerability
WordPress Events Manager Plugin is a full-featured open source plugin designed for managing events on WordPress sites. WordPress Events Manager Plugin suffers from an information disclosure vulnerability that stems from an under-restricted getlocation operation, which can be exploited by an...
WordPress Fancy Product Designer plugin server-side request forgery vulnerability
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...
WordPress Filebird Plugin Missing Authorization Vulnerability
WordPress Filebird Plugin is a media library management plugin for WordPress that allows users to organize media files by creating folders and subfolders to improve the efficiency of media library management. WordPress Filebird Plugin suffers from a missing authorization vulnerability, which can ...
WordPress Fix Media Library plugin information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress Fix Media Library plugin that stems from inserting sensitive information into the sent data, no details of the...
WordPress Freshchat plugin cross-site request forgery vulnerability
WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...
WordPress FX Currency Converter plugin cross-site scripting vulnerability
WordPress FX Currency Converter plugin is a plugin for WordPress websites designed to provide currency conversion functionality that allows users to perform real-time exchange rate calculations between different currencies. The WordPress FX Currency Converter plugin suffers from a cross-site...
WordPress GPXpress plugin cross-site scripting vulnerability
WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...
WordPress Grider for Elementor plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...
WordPress Header Footer Script Adder plugin Cross Site Scripting Vulnerability
WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress HelloLeads CRM Form Shortcode plugin missing authorization vulnerability
WordPress HelloLeads CRM Form Shortcode plugin is a WordPress plugin with integrated Customer Relationship Management CRM functionality that allows users to embed CRM forms and marketing tools on their websites through shortcodes. A lack of authorization vulnerability exists in the WordPress...
WordPress Hide Email Address plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Hide Email Address plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the inlinecss...