WordPress Advanced FAQ Manager plugin cross-site scripting vulnerability
The WordPress Advanced FAQ Manager plugin is a plugin designed for WordPress websites to help users easily create, manage and display Frequently Asked Questions (FAQ) pages. The WordPress Advanced FAQ Manager plugin suffers from a cross-site scripting vulnerability that stems from improper input...
WordPress Advanced FAQ Manager plugin cross-site scripting vulnerability (CNVD-2025-3073485)
The WordPress Advanced FAQ Manager plugin is a plugin designed for WordPress websites to help users easily create, manage and display Frequently Asked Questions (FAQ) pages. The WordPress Advanced FAQ Manager plugin suffers from a cross-site scripting vulnerability that stems from the application's...
WordPress Animation Addons for Elementor plugin SQL Injection Vulnerability
WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...
WordPress Basel plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in WordPress Basel plugin that stems from an improperly configured access control security level. No details of the vulnerability ar...
WordPress Business Directory Plugin Cross-Site Request Forgery Vulnerability
WordPress Business Directory Plugin is a plugin for creating and managing business directories such as business yellow pages, real estate listings, or classified ads on your WordPress website. WordPress Business Directory Plugin suffers from a cross-site request forgery vulnerability that stems...
WordPress Chartify plugin cross-site request forgery vulnerability
The WordPress Chartify plugin is a tool for quickly building charts and graphs in your WordPress site, designed to simplify the process of data visualization. WordPress Chartify plugin suffers from a cross-site request forgery vulnerability that stems from the web application not adequately...
WordPress Debug Log Viewer plugin missing authorization vulnerability
WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A missing authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which an attacker can exploit by taking advantage of a misconfigured access control security level...
WordPress Donation Thermometer plugin cross-site scripting vulnerability
The WordPress Donation Thermometer plugin is a plugin for WordPress sites that visualizes the progress of donations by displaying a progress bar, usually styled like a thermometer. The WordPress Donation Thermometer plugin suffers from a cross-site scripting vulnerability that stems from the application'...
WordPress Essential Widgets plugin cross-site scripting vulnerability
WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...
Tenda CH22 Buffer Overflow Vulnerability (CNVD-2025-3077012)
The Tenda CH22 is an enterprise-grade wireless router for small to medium-sized businesses or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of up to 450Mbps. A buffer overflow vulnerability exists in the Tenda CH22 in version 1.0.0.1...
WordPress Accordion Slider PRO plugin SQL Injection Vulnerability
WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...
MailEnable theme parameter cross-site scripting vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
MailEnable WindowContext Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from improperly cleaned WindowContext parameters in...
WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability
WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the web application not adequately verifying that a request is coming from a...
MailEnable FieldBcc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable AddressesCc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
WordPress Plugin WP AI CoPilot Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin WP AI CoPilot, which...
WordPress BERTHA AI plugin missing authorization vulnerability
WordPress BERTHA AI plugin is an artificial intelligence plugin designed for WordPress websites. Its main features include automated content generation, image creation and SEO optimization, designed to improve the efficiency of website content creation. A lack of authorization vulnerability exist...
Microsoft Office Code Execution Vulnerability (CNVD-2025-3057378)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc. A security vulnerability exists in Microsoft Office. An attacker could exploit the vulnerability to remotel...
Microsoft Office Code Execution Vulnerability (CNVD-2025-30659)
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc. A code execution vulnerability exists in Microsoft Office, which is caused by a type confusion flaw. An...
MailEnable Code Issue Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a code issue vulnerability that stems from an insecure DLL loading mechanism that can be exploited by an attacker to...
WordPress Plugin Beaver Builder Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information...
MailEnable AddressesBcc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable Added Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
Microsoft Hyper-V Denial of Service Vulnerability (CNVD-2026-17160)
Microsoft Hyper-V is a hypervisor virtualization technology from Microsoft Corporation (USA) that enables desktop virtualization. Microsoft Hyper-V has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
WordPress Plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097104)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Online Ordering System user_contact.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /user_contact.php. The vulnerability can be exploited by a...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097005)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Employee Profile Management System /view_personnel.php File Cross-Site Scripting Vulnerability
Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3056050)
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which arises from a multi-threaded race condition that can be exploited by an attacker to cause an impac...
Command Execution Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1018960)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A command execution vulnerability exists in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to remotely execute commands...
Employee Profile Management System /view_personnel.php File SQL Injection Vulnerability
Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /view_personnel.php. An...
mall-swarm authorization issue vulnerability
mall-swarm is a microservice mall system. An authorization issue vulnerability exists in mall-swarm, which stems from incorrect manipulation of the parameter ids in the file /member/readHistory/delete. No detailed vulnerability information is provided at this time...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3096906)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097203)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097302)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097500)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097699)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097798)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Advantech WISE-DeviceOn Server Hard-Coded Encryption Key Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...
Currency Exchange System /edit.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of file /edit.php. An attacker can exploit this vulnerability to execute...
Huawei HarmonyOS Improper Security Check Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from an improper security check vulnerability that originates from an improper standard security check in the card module, which can be exploited by a...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-3113638)
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a denial-of-service vulnerability in Office Services, which can be exploited by an attacker to cause a...
Huawei HarmonyOS Race Condition Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a race condition vulnerability in the audio module, which can be exploited by an attacker to affect...
Huawei HarmonyOS Denial of Service Vulnerability
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. A denial of service vulnerability exists in Huawei HarmonyOS, which originates from the vulnerability of office service to denial of service attacks. An attacker could exploit this vulnerability ...
Google Android Race Condition Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a race condition vulnerability that can be exploited by an attacker to bypass intent filters and cause local elevation of privilege...
Google Android Insecure Default Settings Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure default settings vulnerability that can be exploited by attackers to cause a local elevation of privilege...
Google Android Precondition Check Failure Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a pre-condition check failure vulnerability that can be exploited by an attacker to cause a remote elevation of privilege...