131179 matches found
ChurchCRM UserEditor.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...
RiteCMS Code Execution Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a code execution vulnerability that stems from a flaw in the parsespecialtags function, which can be exploited by an attacker to cause remote code execution...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04261)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
Kentico Xperience Information Disclosure Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that originates in the Live Site Part Properties dialog box that could disclose sensitive system objects and can be exploited by an attacker to cause unauthorize...
Kentico Xperience HTML Injection Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05123)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05121)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the View Active People, View Inactive People, and View All People pages, which can be exploited b...
ChurchCRM ListEvents.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the WhichType parameter in the src/ListEvents.php file. No details of the vulnerability are provided at this ti...
ChurchCRM eGive.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the MissingEgiveFamID parameter in the eGive.php file. No detailed vulnerability details are provided at this...
RiteCMS File Containment Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a file inclusion vulnerability, the vulnerability stems from the admin.php component does not do effective filtering of local file resource calls, an attacker can use this vulnerability to read any file on th...
WordPress Plugin Restaurant Menu by MotoPress Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Restaurant Menu by...
Online Appointment Booking System deletemanager.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter managername in the file /admin/deletemanager.ph...
ChurchCRM Privilege Elevation Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM suffers from an elevation of privilege vulnerability that stems from the application not properly implementing an access control mechanism that directly references data transmitted from the client as an object, no details of the...
WordPress Plugin myCred Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin myCred has an information disclosure vulnerability, the vulnerability stems fr...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05127)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...
Prison Management System search.php File SQL Injection Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...
Student File Management System update_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...
Online Appointment Booking System clinic parameter SQL injection vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file...
WordPress Plugin Appointment Booking Calendar Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Appointment Booking...
Microsoft Azure Cognitive Service for Language Elevation of Privilege Vulnerability
Microsoft Azure Cognitive Service for Language is a cloud-based natural language processing service from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Azure Cognitive Service for Language, which is caused by a flaw in a customized question and answer. An attacker coul...
Kentico Xperience SQL Injection Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...
ChurchCRM GroupEditor.php Page Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the GroupEditor.php page, which can be exploited by an attacker to execute arbitrary Web script or HTML by...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
Student File Management System stud_no Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file loginquery.php. An attacker can...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0535400)
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and coding when storing user-entered HTML/JS, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a crafted...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05119)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to cause the theft of sensitive data by executing a malicious script in a user's browser...
ChurchCRM Event Participant Editor SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...
Complete Online Beauty Parlor Management System /bwdates-reports-details.php file cross-site scripting vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter...
Student File Management System Cross-Site Scripting Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/updatestudent.php, which can be exploited by a...
WordPress Plugin MasterStudy LMS Pro Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS Pro. The...
Apache HugeGraph-Server Deserialization Vulnerability
Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...
Kentico Xperience Access Control Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an access control bypass vulnerability that can be exploited by an attacker to cause an account takeover...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11781)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2026-00010)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A spoofing vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to perform spoofing attacks...
Kentico Xperience Information Disclosure Vulnerability (CNVD-2026-04247)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...
Kentico Xperience Information Disclosure Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by an attacker to cause exposure of internal network details...
Apache StreamPark Security Bypass Vulnerability
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a security bypass vulnerability due to the use of a fixed, immutable encryption key. An attacker could exploit the vulnerability to decrypt...
NVIDIA Nemo Framework Code Issue Vulnerability (CNVD-2026-1237200)
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA NeMo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, denial of service, and data tampering...
Unspecified vulnerability in Kentico Xperience (CNVD-2026-04264)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...
Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...
Scholars Tracking System delete_user.php File SQL Injection Vulnerability
Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...
RiteCMS Improper Access Control Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from an improper access control vulnerability that stems from a lack of validity checking of paths in the /templates/ component when processing directory requests, which can be exploited by an attacker to...
Unspecified vulnerability in Kentico Xperience (CNVD-2026-04263)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience has a security vulnerability that can be exploited by an attacker to cause sensitive information to be exposed to an external domain...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...
WordPress Plugin Ultimate Member Widgets for Elementor Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Ultimate Member Widgets...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04265)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...