131179 matches found
WordPress User Submitted Posts plugin open to redirection vulnerability
WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...
WordPress Draft Notify plugin cross-site scripting vulnerability
WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
WordPress Tablesome plugin information disclosure vulnerability
WordPress Tablesome plugin is a feature-rich WordPress tables plugin that is mainly used to create responsive data tables and integrate multiple data sources. WordPress Tablesome plugin suffers from an information disclosure vulnerability that originates from inserting sensitive information into...
WordPress Brands for WooCommerce Plugin SQL Injection Vulnerability
WordPress Brands for WooCommerce Plugin is a category of plugins for WordPress websites that specialize in helping WooCommerce online stores manage product brands. WordPress Brands for WooCommerce Plugin suffers from a SQL injection vulnerability that stems from the application's lack of validati...
Command Execution Vulnerability in RG-EST350 V2 of Beijing StarNet Ruijie Network Technology Co.
Ruijie EST350-V2 is a wireless outdoor bridge product supporting 802.11ac protocol, which is designed for the business of video transmission or data transmission in the scenarios of tower crane, factory, scenic spot, park, planting base, fishpond aquaculture base, construction site, etc. Ruijie...
WordPress User Feedback plugin SQL Injection Vulnerability
WordPress User Feedback plugin is a tool designed for WordPress websites to create and manage user feedback forms, surveys and contact forms. WordPress User Feedback plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL...
WordPress Astra Widgets plugin cross-site scripting vulnerability
WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...
WordPress Nika plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Nika plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...
WordPress Gift Hunt plugin cross-site scripting vulnerability
WordPress Gift Hunt plugin is a plugin for creating interactive scavenger hunts on WordPress websites. The WordPress Gift Hunt plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
WordPress Evergreen Post Tweeter plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Evergreen Post Tweeter plugin suffers from a cross-site request forgery vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress 6Storage Rentals plugin server-side request forgery vulnerability
WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...
WordPress Gravity Forms plugin file upload vulnerability
WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...
WordPress HAPPY plugin missing authorization vulnerability
WordPress HAPPY plugin is a feature extension plugin for Elementor page builder. A lack of authorization vulnerability exists in WordPress HAPPY plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...
UTT Progressive 512W Buffer Overflow Vulnerability
The UTT Progress 512W is an enterprise-grade wireless router designed for small office or home office SOHO environments for network scenarios with up to 50 people. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates from the incorrect operation of the strcpy...
CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
NVIDIA Isaac Launchable Arbitrary Code Execution Vulnerability
NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a security vulnerability that stems from improper design and can be exploited by remote...
Orangescrum SQL Injection Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...
CMSimple Code Execution Vulnerability
CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...
CMSimple File Inclusion Vulnerability
CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...
Orangescrum Elevation of Privilege Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an elevation of privilege vulnerability, which stems from the application's failure to effectively verify the source of requests ...
IBM Concert Heap Memory Cleaning Improperly Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an improper heap memory cleanup vulnerability that can be...
CMSimple_XH Code Execution Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1206330)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079178)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates...
NVIDIA Isaac Launchable Trust Management Issue Vulnerability
NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a trust management issue vulnerability that stems from improperly protected credentials...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079375)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079277)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...
Orangescrum Cross-Site Scripting Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
CMSimple Cross-Site Scripting Vulnerability
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1203509)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress My auctions allegro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress My auctions allegro, which stems from improper input neutralization, and no detailed vulnerability details are provided ...
WordPress Fast User Switching Cross-Site Request Forgery Vulnerability
Fast User Switching is a plugin that allows site administrators to quickly switch between different user accounts, operating directly from the WordPress admin toolbar. WordPress Fast User Switching suffers from a cross-site request forgery vulnerability, and no details of the vulnerability are...
WordPress Funnelforms Free Missing License Vulnerability
Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...
WordPress Vimeotheque Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...
WordPress Category Icon Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Category Icon, which stems from improper input neutralization during page generation; no detailed vulnerability details...
WordPress WpStream Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress WpStream, which can be exploited by an attacker to leverage a misconfigured access control security level...
WordPress Spiffy Calendar Missing Authorization Vulnerability
WordPress Spiffy Calendar is a WordPress calendar plugin focused on helping users manage and display events. A lack of authorization vulnerability exists in WordPress Spiffy Calendar, which can be exploited by an attacker to leverage a misconfigured access control security level...
Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...
ChurchCRM CartToFamily.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the PersonAddress parameter in the src/CartToFamily.php file. No details of the vulnerability are provided at...
Apache Fineract Information Disclosure Vulnerability
Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an informatio...
Apache Fineract Security Bypass Vulnerability
Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from a security...
UTT Progressive 512W Memory Corruption Vulnerability
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progress 512W suffers from a memory corruption vulnerability that originates...
Kentico Xperience Denial of Service Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
Kentico Xperience Email Marketing Template Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...
WordPress Plugin VikBooking Hotel Booking Engine & PMS Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin VikBooking Hotel Booking...
Microsoft Azure Cosmos DB Spoofing Vulnerability
Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...
Unspecified Vulnerability in RiteCMS
RiteCMS is an open source content management system based on php and sqlite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No detailed vulnerability details are provided at this time...