Lucene search
K

131179 matches found

CNVD
CNVD
•added 2025/12/30 12:0 a.m.•6 views

WordPress User Submitted Posts plugin open to redirection vulnerability

WordPress User Submitted Posts plugin is a WordPress plugin that allows website visitors to submit post content via a front-end form that includes features such as title, tags, categories, author information, URL, body text and image uploads. WordPress User Submitted Posts plugin suffers from an...

6.1CVSS6.8AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•7 views

WordPress Draft Notify plugin cross-site scripting vulnerability

WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

5.4CVSS6.1AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•4 views

WordPress Tablesome plugin information disclosure vulnerability

WordPress Tablesome plugin is a feature-rich WordPress tables plugin that is mainly used to create responsive data tables and integrate multiple data sources. WordPress Tablesome plugin suffers from an information disclosure vulnerability that originates from inserting sensitive information into...

7.5CVSS6.3AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•5 views

WordPress Brands for WooCommerce Plugin SQL Injection Vulnerability

WordPress Brands for WooCommerce Plugin is a category of plugins for WordPress websites that specialize in helping WooCommerce online stores manage product brands. WordPress Brands for WooCommerce Plugin suffers from a SQL injection vulnerability that stems from the application's lack of validati...

9.8CVSS8.1AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•3 views

Command Execution Vulnerability in RG-EST350 V2 of Beijing StarNet Ruijie Network Technology Co.

Ruijie EST350-V2 is a wireless outdoor bridge product supporting 802.11ac protocol, which is designed for the business of video transmission or data transmission in the scenarios of tower crane, factory, scenic spot, park, planting base, fishpond aquaculture base, construction site, etc. Ruijie...

6AI score
Exploits0
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•7 views

WordPress User Feedback plugin SQL Injection Vulnerability

WordPress User Feedback plugin is a tool designed for WordPress websites to create and manage user feedback forms, surveys and contact forms. WordPress User Feedback plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL...

9.8CVSS8AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•5 views

WordPress Astra Widgets plugin cross-site scripting vulnerability

WordPress Astra Widgets plugin is a widgets extension plugin developed by the Astra Themes team to enhance the functionality of Astra themes. WordPress Astra Widgets plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

5.4CVSS6.1AI score0.00298EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•4 views

WordPress Nika plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Nika plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

7.5CVSS6.3AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•8 views

WordPress Gift Hunt plugin cross-site scripting vulnerability

WordPress Gift Hunt plugin is a plugin for creating interactive scavenger hunts on WordPress websites. The WordPress Gift Hunt plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

5.4CVSS6.1AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•29 views

WordPress Evergreen Post Tweeter plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Evergreen Post Tweeter plugin suffers from a cross-site request forgery vulnerability that stems from the application's lack of effective filtering and escaping of...

8.8CVSS6.9AI score0.00097EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•6 views

WordPress 6Storage Rentals plugin server-side request forgery vulnerability

WordPress 6Storage Rentals plugin is a plugin designed for WordPress websites, designed to help webmasters easily manage the rental booking process for storage facilities. WordPress 6Storage Rentals plugin suffers from a server-side request forgery vulnerability, which stems from the server not...

9.1CVSS7.2AI score0.00163EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•9 views

WordPress Gravity Forms plugin file upload vulnerability

WordPress Gravity Forms plugin is a popular WordPress plugin for creating and managing various types of forms. A file upload vulnerability exists in the WordPress Gravity Forms plugin, which stems from the chunked upload feature failing to prevent dangerous file uploads, no details of the...

6.8CVSS6.9AI score0.00315EPSS
Exploits2References1
CNVD
CNVD
•added 2025/12/30 12:0 a.m.•4 views

WordPress HAPPY plugin missing authorization vulnerability

WordPress HAPPY plugin is a feature extension plugin for Elementor page builder. A lack of authorization vulnerability exists in WordPress HAPPY plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...

5.3CVSS6.5AI score0.00191EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•8 views

UTT Progressive 512W Buffer Overflow Vulnerability

The UTT Progress 512W is an enterprise-grade wireless router designed for small office or home office SOHO environments for network scenarios with up to 50 people. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates from the incorrect operation of the strcpy...

9.8CVSS7.3AI score0.0078EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

6.1CVSS6.3AI score0.00235EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•1 views

NVIDIA Isaac Launchable Arbitrary Code Execution Vulnerability

NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a security vulnerability that stems from improper design and can be exploited by remote...

9.8CVSS6AI score0.00738EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

Orangescrum SQL Injection Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a SQL injection vulnerability that stems from insufficient validation of parameter inputs such as oldprojectid, projectid, uuid,...

8.7CVSS8AI score0.003EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

CMSimple Code Execution Vulnerability

CMSimple is a free content management system. CMSimple suffers from a code execution vulnerability that stems from the template editing feature not securely controlling and filtering the content of user-inputted code, resulting in logged-in users being able to inject malicious PHP code into...

8.8CVSS7.6AI score0.0076EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•5 views

CMSimple File Inclusion Vulnerability

CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...

8.6CVSS7.3AI score0.00712EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•4 views

Orangescrum Elevation of Privilege Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an elevation of privilege vulnerability, which stems from the application's failure to effectively verify the source of requests ...

8.8CVSS7AI score0.0042EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•3 views

IBM Concert Heap Memory Cleaning Improperly Vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBMThink conference in Boston, USA. IBM Concert suffers from an improper heap memory cleanup vulnerability that can be...

7.5CVSS5.9AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•9 views

CMSimple_XH Code Execution Vulnerability

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...

8.6CVSS8AI score0.00926EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1206330)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079178)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates...

9.8CVSS7.3AI score0.00662EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•6 views

NVIDIA Isaac Launchable Trust Management Issue Vulnerability

NVIDIA Isaac Launchable is a one-click deployment GPU development environment designed to simplify the AI development process and accelerate experimentation and deployment. NVIDIA Isaac Launchable suffers from a trust management issue vulnerability that stems from improperly protected credentials...

9.8CVSS6AI score0.00536EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•5 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079375)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...

9.8CVSS7.3AI score0.00764EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•4 views

UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079277)

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. UTT Progressive 512W suffers from a buffer overflow vulnerability that originates fro...

9.8CVSS7.3AI score0.00662EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•5 views

Orangescrum Cross-Site Scripting Vulnerability

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...

5.4CVSS6.6AI score0.00194EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/29 12:0 a.m.•3 views

CMSimple Cross-Site Scripting Vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the application not effectively filtering or neutralizing HTML Unicode encoding when processing user input. An attacker could use this vulnerability to execute arbitrary...

6.1CVSS6.4AI score0.00216EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/27 12:0 a.m.•0 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1203509)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•3 views

WordPress My auctions allegro cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress My auctions allegro, which stems from improper input neutralization, and no detailed vulnerability details are provided ...

5.4CVSS5.7AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•2 views

WordPress Fast User Switching Cross-Site Request Forgery Vulnerability

Fast User Switching is a plugin that allows site administrators to quickly switch between different user accounts, operating directly from the WordPress admin toolbar. WordPress Fast User Switching suffers from a cross-site request forgery vulnerability, and no details of the vulnerability are...

8.8CVSS5.6AI score0.00109EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•4 views

WordPress Funnelforms Free Missing License Vulnerability

Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•0 views

WordPress Vimeotheque Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Vimeotheque suffers from a cross-site request forgery vulnerability for which no detailed vulnerability details are currently available...

8.8CVSS5.7AI score0.00109EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•1 views

WordPress Category Icon Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Category Icon, which stems from improper input neutralization during page generation; no detailed vulnerability details...

5.4CVSS5.7AI score0.00148EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•8 views

WordPress WpStream Missing Authorization Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in WordPress WpStream, which can be exploited by an attacker to leverage a misconfigured access control security level...

8.8CVSS5.8AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/26 12:0 a.m.•4 views

WordPress Spiffy Calendar Missing Authorization Vulnerability

WordPress Spiffy Calendar is a WordPress calendar plugin focused on helping users manage and display events. A lack of authorization vulnerability exists in WordPress Spiffy Calendar, which can be exploited by an attacker to leverage a misconfigured access control security level...

8.1CVSS5.8AI score0.00162EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...

9.8CVSS6.1AI score0.00326EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS6AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

ChurchCRM Code Execution Vulnerability (CNVD-2026-0535893)

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...

9.1CVSS6.5AI score0.01381EPSS
Exploits3References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

ChurchCRM CartToFamily.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the PersonAddress parameter in the src/CartToFamily.php file. No details of the vulnerability are provided at...

8.8CVSS5.9AI score0.00314EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•6 views

Apache Fineract Information Disclosure Vulnerability

Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an informatio...

8.5CVSS6.3AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Apache Fineract Security Bypass Vulnerability

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from a security...

8.1CVSS6.8AI score0.00339EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

UTT Progressive 512W Memory Corruption Vulnerability

The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progress 512W suffers from a memory corruption vulnerability that originates...

9CVSS7AI score0.03108EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Kentico Xperience Denial of Service Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience Email Marketing Template Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...

5.1CVSS5.9AI score0.0017EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

WordPress Plugin VikBooking Hotel Booking Engine & PMS Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin VikBooking Hotel Booking...

5.9CVSS6AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

Microsoft Azure Cosmos DB Spoofing Vulnerability

Microsoft Azure Cosmos DB is a distributed multi-model database from Microsoft USA. A spoofing vulnerability exists in Microsoft Azure Cosmos DB that stems from improper input neutralization and can be exploited by an attacker to cause a network spoofing attack...

8.3CVSS6.7AI score0.00639EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•2 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

6.1CVSS5.9AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Unspecified Vulnerability in RiteCMS

RiteCMS is an open source content management system based on php and sqlite. An unspecified vulnerability exists in RiteCMS that stems from the use of insecure encryption to store passwords. No detailed vulnerability details are provided at this time...

5.3CVSS5.9AI score0.00125EPSS
Exploits1References1
Total number of security vulnerabilities131179