131179 matches found
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05124)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via an error message containing a specially crafted object name...
Apache StreamPark Weak Algorithm Vulnerability
Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. Apache StreamPark suffers from a weak algorithmic vulnerability that stems from the use of weak encryption algorithms, which can be exploited by an attacker to expose sensitive...
Computer Laboratory System File Upload Vulnerability
Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from a misbehavior of the parameter image in the file technicalstaffpic.php, which can be exploited by an attacker to cause an arbitrary file upload...
RiteCMS Cross-Site Request Forgery Vulnerability
RiteCMS is an open source content management system based on php and sqlite. RiteCMS has a cross-site request forgery vulnerability, the vulnerability stems from the page creation and editing functions do not adequately verify whether the request comes from a trusted user, an attacker can use thi...
Student File Management System save_user.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/saveuser.php. An...
Student File Management System /save_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentno in the file /admin/savestudent.php. An attacker...
Apache Fineract Information Disclosure Vulnerability (CNVD-2026-00006)
Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an...
WordPress plugin Follow My Blog Post interest leakage vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Follow My Blog Post, whi...
Student File Management System /delete_student.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentid in the file /admin/deletestudent.php. An...
ChurchCRM Code Execution Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
Prison Management System search1.php File SQL Injection Vulnerability
Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search1.php. An attacker can exploit this...
Student File Management System login_query.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /admin/loginquery.php. An...
Kentico Xperience Security Bypass Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A security bypass vulnerability exists in Kentico Xperience, which can be exploited by an attacker to cause a compromise of session security and authentication state...
Apple macOS Information Disclosure Vulnerability (CNVD-2026-16059)
Apple macOS is an operating system from the American company Apple Apple. Apple macOS has an information disclosure vulnerability that can be exploited by attackers to cause access to sensitive user data...
Student File Management System user_id Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/updateuser.php. An attacker ca...
ChurchCRM Information Disclosure Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...
Kentico Xperience Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via a form redirect URL configuration...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04265)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
NVIDIA Nemo Framework Code Issue Vulnerability
NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. The NVIDIA Nemo Framework contains a security vulnerability that can be exploited by attackers to cause code execution, elevation of privilege, information disclosure, and data tampering...
ChurchCRM UserEditor.php File SQL Injection Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the type parameter of the src/UserEditor.php file. No details of the vulnerability are provided at this time...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11783)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...
Command Injection Vulnerability in TOTOLINK N200RE setOpModeCfg
The TOTOLINK N200RE is a wireless broadband router for small office or home SOHO environments. The TOTOLINK N200RE suffers from a command injection vulnerability that stems from a command injection of hostName in setOpModeCfg. No details of the vulnerability are provided at this time...
Advantech WebAccess/SCADA Directory Traversal Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Advantech WebAccess/SCADA Code Issue Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...
WordPress Events Manager Plugin Information Disclosure Vulnerability
WordPress Events Manager Plugin is a full-featured open source plugin designed for managing events on WordPress sites. WordPress Events Manager Plugin suffers from an information disclosure vulnerability that stems from an under-restricted getlocation operation, which can be exploited by an...
WordPress Hide Email Address plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Hide Email Address plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the inlinecss...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-1134083)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Filebird Plugin Missing Authorization Vulnerability
WordPress Filebird Plugin is a media library management plugin for WordPress that allows users to organize media files by creating folders and subfolders to improve the efficiency of media library management. WordPress Filebird Plugin suffers from a missing authorization vulnerability, which can ...
WordPress Header Footer Script Adder plugin Cross Site Scripting Vulnerability
WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress GPXpress plugin cross-site scripting vulnerability
WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...
WordPress Fancy Product Designer plugin server-side request forgery vulnerability
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...
WordPress Fancy Product Designer plugin information disclosure vulnerability
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...
WordPress FileBird Pro plugin missing authorization vulnerability
WordPress FileBird Pro plugin is a media library management plugin for WordPress websites designed to help users organize and manipulate media files more efficiently. A missing authorization vulnerability exists in WordPress FileBird Pro plugin, which can be exploited by an attacker to leverage a...
WordPress Fix Media Library plugin information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress Fix Media Library plugin that stems from inserting sensitive information into the sent data, no details of the...
WordPress Freshchat plugin cross-site request forgery vulnerability
WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...
WordPress FAPI Member plugin authorization bypass vulnerability
The FAPI Member plugin is a tool for connecting and integrating the FAPIMember service with WordPress sites. An authorization bypass vulnerability exists in the WordPress FAPI Member plugin, which stems from a user control key bypassing authorization, and can be exploited by an attacker to levera...
WordPress Grider for Elementor plugin missing license vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Grider for Elementor plugin, which can be exploited by an attacker to leverage an incorrectly configured access...
WordPress HelloLeads CRM Form Shortcode plugin missing authorization vulnerability
WordPress HelloLeads CRM Form Shortcode plugin is a WordPress plugin with integrated Customer Relationship Management CRM functionality that allows users to embed CRM forms and marketing tools on their websites through shortcodes. A lack of authorization vulnerability exists in the WordPress...
WordPress FX Currency Converter plugin cross-site scripting vulnerability
WordPress FX Currency Converter plugin is a plugin for WordPress websites designed to provide currency conversion functionality that allows users to perform real-time exchange rate calculations between different currencies. The WordPress FX Currency Converter plugin suffers from a cross-site...
Apple macOS Tahoe Underchecked Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient inspection vulnerability that can be exploited by an attacker to ask for...
Apple macOS Tahoe Logic Insufficient Limits Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Logical Restriction Insufficiency vulnerability that can be exploited by an attacker to...
Apple macOS Tahoe Underchecked Vulnerability (CNVD-2025-3114612)
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an undercheck vulnerability that can be exploited by an attacker to cause an application t...
Apple macOS Tahoe Insufficient Authentication Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an insufficient authentication vulnerability that can be exploited by an attacker to cause...
Apple macOS Tahoe Insufficient Privilege Restriction Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
Apple macOS Tahoe Symbolic Link Validation Insufficiency Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Symbolic Link Validation Insufficiency vulnerability that can be exploited by an attacke...
Apple macOS Tahoe Permission Issues Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a privilege issue vulnerability that stems from the system having insufficient security...
Apple macOS Tahoe Sandboxing Insufficient Restrictions Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from an Insufficient Sandbox Restrictions vulnerability, which stems from an insufficient...
Apple macOS Tahoe Symbolic Link Mishandling Vulnerability (CNVD-2025-3115302)
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a symbolic link mishandling vulnerability that stems from insufficient security restrictio...
Apple macOS Tahoe Memory Mishandling Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a memory mishandling vulnerability that stems from a flaw in the system's memory handling...