Lucene search
K

131179 matches found

CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

ChurchCRM UserEditor.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...

7.2CVSS5.9AI score0.00346EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•13 views

RiteCMS Code Execution Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a code execution vulnerability that stems from a flaw in the parsespecialtags function, which can be exploited by an attacker to cause remote code execution...

7.2CVSS6.5AI score0.00773EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04261)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.1CVSS6AI score0.0014EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

6.1CVSS6AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience Information Disclosure Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that originates in the Live Site Part Properties dialog box that could disclose sensitive system objects and can be exploited by an attacker to cause unauthorize...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience HTML Injection Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...

6.1CVSS6.1AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05123)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS6AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05121)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS6AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•1 views

ChurchCRM Cross-Site Scripting Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the View Active People, View Inactive People, and View All People pages, which can be exploited b...

9.2CVSS6AI score0.0017EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

ChurchCRM ListEvents.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the WhichType parameter in the src/ListEvents.php file. No details of the vulnerability are provided at this ti...

8.8CVSS5.9AI score0.00327EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•2 views

ChurchCRM eGive.php File SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the MissingEgiveFamID parameter in the eGive.php file. No detailed vulnerability details are provided at this...

7.2CVSS5.9AI score0.00315EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•2 views

RiteCMS File Containment Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...

7.5CVSS5.9AI score0.01098EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•1 views

WordPress Plugin Restaurant Menu by MotoPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Restaurant Menu by...

6.5CVSS5.9AI score0.00282EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Online Appointment Booking System deletemanager.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter managername in the file /admin/deletemanager.ph...

7.2CVSS8.3AI score0.00275EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•6 views

ChurchCRM Privilege Elevation Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM suffers from an elevation of privilege vulnerability that stems from the application not properly implementing an access control mechanism that directly references data transmitted from the client as an object, no details of the...

8.5CVSS7.2AI score0.00164EPSS
Exploits3References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

WordPress Plugin myCred Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin myCred has an information disclosure vulnerability, the vulnerability stems fr...

4.3CVSS6AI score0.00208EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...

5.4CVSS6AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Prison Management System search.php File SQL Injection Vulnerability

Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...

8.8CVSS8.3AI score0.00307EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

Student File Management System update_student.php File SQL Injection Vulnerability

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...

9.8CVSS7.9AI score0.00363EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Online Appointment Booking System clinic parameter SQL injection vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file...

9.8CVSS8.3AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

WordPress Plugin Appointment Booking Calendar Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Appointment Booking...

5.3CVSS5.9AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

Microsoft Azure Cognitive Service for Language Elevation of Privilege Vulnerability

Microsoft Azure Cognitive Service for Language is a cloud-based natural language processing service from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Azure Cognitive Service for Language, which is caused by a flaw in a customized question and answer. An attacker coul...

9.9CVSS7.2AI score0.00653EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•9 views

Kentico Xperience SQL Injection Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...

8.8CVSS6.1AI score0.00259EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

ChurchCRM GroupEditor.php Page Cross-Site Scripting Vulnerability

ChurchCRM is an open source church management system. ChurchCRM has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the GroupEditor.php page, which can be exploited by an attacker to execute arbitrary Web script or HTML by...

5.4CVSS6AI score0.00162EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...

6.1CVSS5.8AI score0.00139EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

6.5CVSS6.2AI score0.00413EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Student File Management System stud_no Parameter SQL Injection Vulnerability

Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file loginquery.php. An attacker can...

9.8CVSS7.8AI score0.00453EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0535400)

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and coding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...

6.2CVSS6AI score0.0017EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05119)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause the theft of sensitive data by executing a malicious script in a user's browser...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

ChurchCRM Event Participant Editor SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...

9.6CVSS6AI score0.00371EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Complete Online Beauty Parlor Management System /bwdates-reports-details.php file cross-site scripting vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...

4.8CVSS6AI score0.002EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•6 views

Student File Management System Cross-Site Scripting Vulnerability

Student File Management System is a student file management system. Student File Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/updatestudent.php, which can be exploited by a...

4.8CVSS4.2AI score0.00205EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

WordPress Plugin MasterStudy LMS Pro Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS Pro. The...

7.5CVSS6.1AI score0.00303EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•9 views

Apache HugeGraph-Server Deserialization Vulnerability

Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...

8.8CVSS8.1AI score0.00805EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience Access Control Bypass Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an access control bypass vulnerability that can be exploited by an attacker to cause an account takeover...

8.6CVSS5.9AI score0.00289EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11781)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in...

9.1CVSS6AI score0.00807EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2026-00010)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to perform spoofing attacks...

3.1CVSS6.5AI score0.00227EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•3 views

Kentico Xperience Information Disclosure Vulnerability (CNVD-2026-04247)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...

7.5CVSS5.9AI score0.00259EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

Kentico Xperience Information Disclosure Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by an attacker to cause exposure of internal network details...

6.9CVSS5.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•8 views

Apache StreamPark Security Bypass Vulnerability

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...

5.9CVSS6.8AI score0.0022EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

NVIDIA Nemo Framework Code Issue Vulnerability (CNVD-2026-1237200)

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA NeMo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, denial of service, and data tampering...

7.8CVSS5.8AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•7 views

Unspecified vulnerability in Kentico Xperience (CNVD-2026-04264)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...

7.5CVSS5.9AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•6 views

Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...

9.8CVSS6AI score0.00326EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Scholars Tracking System delete_user.php File SQL Injection Vulnerability

Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...

9.8CVSS7.2AI score0.00333EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

RiteCMS Improper Access Control Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...

7.5CVSS5.9AI score0.00687EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

Unspecified vulnerability in Kentico Xperience (CNVD-2026-04263)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a security vulnerability that can be exploited by an attacker to cause sensitive information to be exposed to an external domain...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

RiteCMS Cross-Site Scripting Vulnerability

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

6.1CVSS6AI score0.00218EPSS
Exploits1References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•6 views

WordPress Plugin Ultimate Member Widgets for Elementor Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Ultimate Member Widgets...

7.5CVSS5.9AI score0.00238EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•5 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04265)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS6AI score0.00165EPSS
Exploits0References1
CNVD
CNVD
•added 2025/12/25 12:0 a.m.•4 views

ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...

9.3CVSS5.8AI score0.00165EPSS
Exploits2References1
Total number of security vulnerabilities131179