Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/12/15 12:0 a.m.•4 views

Rockwell Automation 432ES-IG3 Series A Denial of Service Vulnerability

The Rockwell Automation 432ES-IG3 Series A is a safety I/O module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 432ES-IG3 Series A, which can be exploited by an attacker to cause a denial of service...

8.7CVSS5.9AI score0.00326EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•4 views

Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...

8.4CVSS6.1AI score0.03878EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•9 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00691)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00214EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•5 views

Siemens RUGGEDCOM ROX II Injection Vulnerability (CNVD-2026-00018)

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to cause execution of arbitrary code...

7.5CVSS7.7AI score0.00596EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•4 views

Siemens RUGGEDCOM ROX II Injection Vulnerability

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to gain root privileges...

8.8CVSS7.7AI score0.00475EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•5 views

Adobe ColdFusion Credential Protection Insufficiency Vulnerability

Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an insufficiently protected credentials...

5.3CVSS5.9AI score0.00388EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00686)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00214EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00682)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.2AI score0.00173EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/15 12:0 a.m.•6 views

Employee Profile Management System edit_personnel.php File SQL Injection Vulnerability

Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file editpersonnel.php. An...

9.8CVSS8.3AI score0.00339EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•12 views

MailEnable WindowContext Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from improperly cleaned WindowContext parameters in...

6.1CVSS6.3AI score0.00344EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•12 views

MailEnable Id Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•14 views

MailEnable InstanceScope Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•11 views

MailEnable FieldCc Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•12 views

MailEnable AddressesTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.3AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•10 views

MailEnable Failed Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6AI score0.00418EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Plugin Geo Controller Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

7.5CVSS6.2AI score0.0025EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•6 views

Tenda CH22 Buffer Overflow Vulnerability (CNVD-2025-3077012)

The Tenda CH22 is an enterprise-grade wireless router for small to medium-sized businesses or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of up to 450Mbps. A buffer overflow vulnerability exists in the Tenda CH22 in version 1.0.0.1...

9CVSS8.4AI score0.00711EPSS
Exploits1References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•6 views

WordPress plugin Shortcodes and extra features for Phlox theme information leakage vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Shortcodes and extra...

5.3CVSS6AI score0.0025EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•9 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-3057378)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A security vulnerability exists in Microsoft Office. An attacker could exploit the vulnerability to remotel...

7.8CVSS6.8AI score0.00562EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•5 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30655)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00526EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

WordPress BERTHA AI plugin missing authorization vulnerability

WordPress BERTHA AI plugin is an artificial intelligence plugin designed for WordPress websites, the main features include automated content generation, image creation and SEO optimization, designed to improve the efficiency of website content creation. A lack of authorization vulnerability exist...

5.3CVSS6.7AI score0.00292EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability

WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is coming from a...

8.8CVSS6.7AI score0.00128EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•5 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-30660)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...

8.4CVSS8.1AI score0.00397EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30653)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00491EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•3 views

WordPress ArtPlacer Widget plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress ArtPlacer Widget plugin that stems from the application's lack of validation of externally entered SQL statements. No...

9.8CVSS8AI score0.00274EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

WordPress Plugin EventPrime Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin EventPrime, which can be...

4.3CVSS6AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•12 views

MailEnable AddressesCc Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•16 views

MailEnable Code Issue Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a code issue vulnerability that stems from an insecure DLL loading mechanism that can be exploited by an attacker to...

8.5CVSS7.6AI score0.00164EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•13 views

MailEnable theme parameter cross-site scripting vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.2AI score0.00418EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•3 views

WordPress Debug Log Viewer plugin missing license vulnerability

WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A lack of authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...

5.4CVSS6.8AI score0.00174EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•14 views

MailEnable FieldTo Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•13 views

MailEnable FieldBcc Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.2AI score0.00336EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Plugin Beaver Builder Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

4.3CVSS6.1AI score0.00357EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Accordion Slider PRO plugin SQL Injection Vulnerability

WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...

9.8CVSS8AI score0.00274EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Essential Widgets plugin cross-site scripting vulnerability

WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...

6.5CVSS6.1AI score0.00167EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•1 views

WordPress Donation Thermometer plugin cross-site scripting vulnerability

The WordPress Donation Thermometer plugin is a plugin for WordPress sites that visualizes the progress of donations by displaying a progress bar usually like a thermometer. The WordPress Donation Thermometer plugin suffers from a cross-site scripting vulnerability that stems from the application'...

6.5CVSS6.1AI score0.00167EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30658)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS8AI score0.00664EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•1 views

WordPress Actionwear products sync plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Actionwear products sync plugin, no details of the vulnerability are provided at this time...

4.3CVSS6.9AI score0.00328EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•3 views

Microsoft Hyper-V Denial of Service Vulnerability (CNVD-2026-17160)

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Hyper-V has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

5.3CVSS5.8AI score0.00972EPSS
Exploits0
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•1 views

WordPress AdForest plugin missing authorization vulnerability

WordPress AdForest plugin is a popular classified ads solution for building an online classified ads platform on your WordPress website. WordPress AdForest plugin suffers from a missing authorization vulnerability that stems from an improperly configured access control security level. No detailed...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•5 views

Microsoft Exchange Server Spoofing Vulnerability (CNVD-2026-14410)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...

5.3CVSS5.8AI score0.00836EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Plugin Portfolio and Projects Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Portfolio and Projects,...

4.3CVSS6AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.1AI score0.00619EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•1 views

WordPress Plugin WP EasyCart Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP EasyCart, which...

5.3CVSS6AI score0.0025EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•3 views

WordPress Auto Alt Text plugin cross-site request forgery vulnerability

WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text AltText for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...

4.3CVSS6.8AI score0.00111EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•3 views

WordPress Plugin WP AI CoPilot Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin WP AI CoPilot, which...

4.3CVSS6AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Chartify plugin cross-site request forgery vulnerability

The WordPress Chartify plugin is a tool for quickly building charts and graphs in your WordPress site, designed to simplify the process of data visualization. WordPress Chartify plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately...

8.8CVSS6.9AI score0.00139EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•4 views

Microsoft Office Code Execution Vulnerability (CNVD-2025-30659)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which is caused due to a type confusion flaw. An...

8.4CVSS8AI score0.00406EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•2 views

WordPress Plugin Download Manager Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Download Manager, which...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/12/12 12:0 a.m.•5 views

Microsoft Word Code Execution Vulnerability (CNVD-2025-30662)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to execute arbitrary code on a system...

7.8CVSS8AI score0.00603EPSS
Exploits0References1
Total number of security vulnerabilities131179