131179 matches found
WordPress SocialChamp with WordPress plugin cross-site request forgery vulnerability
WordPress SocialChamp with WordPress plugin is a plugin called SocialChamp which focuses on social media automation management. WordPress SocialChamp with WordPress plugin suffers from a cross-site request forgery vulnerability that stems from a lack of random number validation in the...
GPAC ghi_dmx_declare_opid_bin function heap buffer overflow vulnerability
GPAC is an open source multimedia framework. GPAC suffers from a heap buffer overflow vulnerability that stems from the ghidmxdeclareopidbin function failing to properly validate the length size of the input data, which can be exploited by an attacker to cause a denial of service...
Mozilla Firefox and Mozilla Thunderbird have undisclosed vulnerabilities (CNVD-2026-23772)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
Cyber Cafe Management System add-users.php Endpoint Cross-Site Scripting Vulnerability
Cyber Cafe Management System is an internet cafe management system. A cross-site scripting vulnerability exists in Cyber Cafe Management System that stems from the uadd parameter of the add-users.php endpoint not being sufficiently cleaned up or coded for user input, and for which no detailed...
Microsoft Windows Management Services Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Management Services due to concurrent execution in Management Services using shared resources with incorrect...
Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23775)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...
Integer Overflow Vulnerability in Multiple Mozilla Products
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Code execution vulnerability in multiple Mozilla products (CNVD-2026-11806)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2026-11805)
Mozilla Firefox is an open source web browser from the Mozilla Foundation.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation.Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability (CNVD-2026-13996)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
WordPress WP-Members Membership plugin cross-site scripting vulnerability
WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Flat Shipping Rate by City for WooCommerce plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress Flat Shipping Rate by City for WooCommerce plugin, which stems from insufficient cleaning and escaping of the cities...
Intern Membership Management System /add_activity.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/addactivity.php for externally entered SQL...
Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock is an ancillary function driver for Winsock from Microsoft USA. An elevation of privilege vulnerability exists in the Microsoft Windows Ancillary Function Driver for WinSock due to a type obfuscation flaw in the auxiliary function driver for...
Multiple Mozilla product information leakage vulnerabilities (CNVD-2026-23774)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. Several Mozilla products have vulnerabilities related to...
Cyber Cafe Management System adminprofile.php Endpoint SQL Injection Vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from the adminprofile.php endpoint's adminname parameter not being sufficiently cleaned of user input, no details of the vulnerability are availab...
Multiple Mozilla products have deception vulnerabilities (CNVD-2026-23776)
Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that was separated from the Mozilla Application Suite. Several Mozilla products have deceptive vulnerabilities, which are...
WordPress Shipping Rate By Cities plugin SQL Injection Vulnerability
WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from the escaping and underpreparation of the city parameter, which can be exploit...
Intern Membership Management System /add_admin.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter Username in the file /intern/admin/addadmin.php for externally entered SQL...
Microsoft Excel Access Control Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to bypass certain features...
Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13992)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...
Microsoft Windows File Explorer Information Disclosure Vulnerability (CNVD-2026-10673)
Microsoft Windows File Explorer is a file manager application from Microsoft USA. An information disclosure vulnerability exists in Microsoft Windows File Explorer, which can be exploited by attackers to obtain sensitive information...
Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the failure of the serviceName2 parameter in the fromAdvSetMacMtuWan function to proper...
Mozilla Firefox and Mozilla Thunderbird information leakage vulnerabilities (CNVD-2026-23770)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
Huawei HarmonyOS Card Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13987)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Card Framework module, which can be exploited by an attacker to cause...
Microsoft Graphics Kernel Competitive Conditions Issue Vulnerability
Microsoft Graphics Kernel is a kernel-mode graphics driver subsystem from Microsoft. A security vulnerability exists in Microsoft Graphics Kernel. An attacker could exploit the vulnerability to gain elevated privileges...
Microsoft Excel Code Execution Vulnerability (CNVD-2026-08746)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel. An attacker could exploit the vulnerability to remotely execute code...
WordPress Supreme Modules Lite plugin code issue vulnerability
WordPress Supreme Modules Lite plugin is a free extension plugin designed for Divi themes and DiviBuilder. WordPress Supreme Modules Lite plugin has a code issue vulnerability that stems from insufficient file type validation, which can be exploited by an attacker to cause arbitrary file uploads...
Mozilla Firefox and Mozilla Thunderbird code execution vulnerabilities (CNVD-2026-23773)
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Mozilla Thunderbird is an email client software independently developed from the Mozilla Application Suite by the same organization. This software supports IMAP and POP email protocols, as well...
TRENDnet TEW-811DRU Operating System Command Injection Vulnerability
The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...
WordPress Uploadify plugin code issue vulnerability
WordPress Uploadify plugin is a jQuery-based multi-file upload plugin that allows webmasters or users to implement intuitive and customizable file uploading features on web pages. A code issue vulnerability exists in WordPress Uploadify plugin that stems from a lack of file type validation in...
Huawei HarmonyOS Video Framework Module Multi-threaded Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Video Framework module, which can be exploited by an attacker to cause...
Adobe Dreamweaver Desktop Input Validation Error Vulnerability (CNVD-2026-11774)
Adobe Dreamweaver Desktop is a web design and development software from the American company Audobee Adobe. Adobe Dreamweaver Desktop is vulnerable to an incorrect input validation error vulnerability. An attacker can exploit this vulnerability to execute arbitrary code on the system...
D-Link DWR-M920 sub_423848 function buffer overflow vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub423848 in the file /boafrm/formParentControl, for which no...
Tenda M3 /goform/setInternetLanInfo File Heap Buffer Overflow Vulnerability
Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the file / goform / setInternetLanInfo function...
D-Link DWR-M920 sub_464794 function buffer overflow vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that stems from the incorrect manipulation of the parameter submit-url in the function sub464794 in the file /boafrm/formDefRoute, for which no detailed...
D-Link DWR-M920 sub_42261C Function Stack Buffer Overflow Vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a stack buffer overflow vulnerability that stems from incorrect manipulation of the parameter ip6addr in the function sub42261C in the file /boafrm/formFilter, for which no detailed...
D-Link DWR-M920 Command Injection Vulnerability
The D-Link DWR-M920 is a 4GLTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter fotaurl in the function sub4155B4 in the file /boafrm/formLtefotaUpgradeFibocom, for which n...
TRENDnet TEW-713RE Operating System Command Injection Vulnerability
The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from an operating system command injection vulnerability due to manipulation of the SZCMD parameter in an unknown function in the /goformX/formFSrvX file. An attacker could exploit the...
IBM Concert Information Disclosure Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from...
Delta Electronics DVP-12SE11T Improper Input Validation Vulnerability
Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T suffers from an improper input validation vulnerability that can be exploited by an attacker to cause a denial of service...
Refugee Food Management System SQL Injection Vulnerability
Refugee Food Management System is a refugee food management system. Refugee Food Management System suffers from a SQL injection vulnerability that stems from the incorrect manipulation of parameter a in the file /home/addusers.php, no details of the vulnerability are available at this time...
Delta Electronics DVP-12SE11T Out-of-Bounds Write Vulnerability
Delta Electronics DVP-12SE11T is a networked mainframe from Delta Electronics China. The Delta Electronics DVP-12SE11T is vulnerable to an out-of-bounds write vulnerability, no details of the vulnerability are available at this time...
Delta Electronics DVP15MC11T Denial of Service Vulnerability
The Delta Electronics DVP15MC11T is a multi-axis motion controller from Delta Electronics China. A denial of service vulnerability exists in the Delta Electronics DVP15MC11T, which stems from improper validation of modbus/tcp packets and can be exploited by an attacker to cause a denial of servic...
Complete Online Beauty Parlor Management System /search-invoices.php File Cross-Site Scripting Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...
Tenda WH450 /goform/RouteStatic file stack buffer overflow vulnerability
The Tenda WH450 is a wireless access point produced by the Chinese company Tenda. The Tenda WH450 has a stack buffer overflow vulnerability, which stems from incorrect handling of the page parameter in the file/goform/RouteStatic. No detailed details about the vulnerability are currently availabl...
IBM Concert Competitive Conditions Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from a competitive condition vulnerability that stems from a...
TRENDnet TEW-822DRE Command Injection Vulnerability
The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. The TRENDnet TEW-822DRE suffers from a command injection vulnerability that originates from a misuse of the parameter peerPin in the file /boafrm/formWsc, which can be exploited by an attacker to execute arbitrary commands on t...
TRENDnet TEW-800MB Command Injection Vulnerability
The TRENDnet TEW-800MB is a dual-band wireless router from TRENDnet. The TRENDnet TEW-800MB suffers from a command injection vulnerability that originates from a misbehavior of the function subF934 in the file NTPSyncWithHost.cgi, which can be exploited by an attacker to execute arbitrary command...