131179 matches found
Rockwell Automation 432ES-IG3 Series A Denial of Service Vulnerability
The Rockwell Automation 432ES-IG3 Series A is a safety I/O module from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation 432ES-IG3 Series A, which can be exploited by an attacker to cause a denial of service...
Adobe ColdFusion Input Validation Improperity Vulnerability (CNVD-2026-0494539)
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. An improper input validation vulnerability exists in Adobe ColdFusion, whi...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00691)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Siemens RUGGEDCOM ROX II Injection Vulnerability (CNVD-2026-00018)
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to cause execution of arbitrary code...
Siemens RUGGEDCOM ROX II Injection Vulnerability
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to gain root privileges...
Adobe ColdFusion Credential Protection Insufficiency Vulnerability
Adobe ColdFusion is a dynamic Web server platform and application development framework maintained by Adobe for rapidly building and deploying data-driven dynamic Web sites, Web applications, and enterprise-class services. Adobe ColdFusion suffers from an insufficiently protected credentials...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00686)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-00682)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Employee Profile Management System edit_personnel.php File SQL Injection Vulnerability
Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file editpersonnel.php. An...
MailEnable WindowContext Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from improperly cleaned WindowContext parameters in...
MailEnable Id Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable InstanceScope Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable FieldCc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
MailEnable AddressesTo Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable Failed Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
WordPress Plugin Geo Controller Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...
Tenda CH22 Buffer Overflow Vulnerability (CNVD-2025-3077012)
The Tenda CH22 is an enterprise-grade wireless router for small to medium-sized businesses or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of up to 450Mbps. A buffer overflow vulnerability exists in the Tenda CH22 in version 1.0.0.1...
WordPress plugin Shortcodes and extra features for Phlox theme information leakage vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Shortcodes and extra...
Microsoft Office Code Execution Vulnerability (CNVD-2025-3057378)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A security vulnerability exists in Microsoft Office. An attacker could exploit the vulnerability to remotel...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30655)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...
WordPress BERTHA AI plugin missing authorization vulnerability
WordPress BERTHA AI plugin is an artificial intelligence plugin designed for WordPress websites, the main features include automated content generation, image creation and SEO optimization, designed to improve the efficiency of website content creation. A lack of authorization vulnerability exist...
WordPress Add Custom Codes plugin Cross-Site Request Forgery Vulnerability
WordPress Add Custom Codes plugin is a free tool that allows users to add custom codes to WordPress websites. The WordPress Add Custom Codes plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying that a request is coming from a...
Microsoft Office Code Execution Vulnerability (CNVD-2025-30660)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30653)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...
WordPress ArtPlacer Widget plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress ArtPlacer Widget plugin that stems from the application's lack of validation of externally entered SQL statements. No...
WordPress Plugin EventPrime Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin EventPrime, which can be...
MailEnable AddressesCc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
MailEnable Code Issue Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a code issue vulnerability that stems from an insecure DLL loading mechanism that can be exploited by an attacker to...
MailEnable theme parameter cross-site scripting vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
WordPress Debug Log Viewer plugin missing license vulnerability
WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A lack of authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...
MailEnable FieldTo Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
MailEnable FieldBcc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
WordPress Plugin Beaver Builder Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...
WordPress Accordion Slider PRO plugin SQL Injection Vulnerability
WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...
WordPress Essential Widgets plugin cross-site scripting vulnerability
WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...
WordPress Donation Thermometer plugin cross-site scripting vulnerability
The WordPress Donation Thermometer plugin is a plugin for WordPress sites that visualizes the progress of donations by displaying a progress bar usually like a thermometer. The WordPress Donation Thermometer plugin suffers from a cross-site scripting vulnerability that stems from the application'...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30658)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to execute arbitrary code on the system...
WordPress Actionwear products sync plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Actionwear products sync plugin, no details of the vulnerability are provided at this time...
Microsoft Hyper-V Denial of Service Vulnerability (CNVD-2026-17160)
Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Hyper-V has a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
WordPress AdForest plugin missing authorization vulnerability
WordPress AdForest plugin is a popular classified ads solution for building an online classified ads platform on your WordPress website. WordPress AdForest plugin suffers from a missing authorization vulnerability that stems from an improperly configured access control security level. No detailed...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2026-14410)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server, which can be exploited by an attack...
WordPress Plugin Portfolio and Projects Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Portfolio and Projects,...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
WordPress Plugin WP EasyCart Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP EasyCart, which...
WordPress Auto Alt Text plugin cross-site request forgery vulnerability
WordPress Auto Alt Text plugin is a tool that uses artificial intelligence technology to automatically generate alternative text AltText for website images. The WordPress Auto Alt Text plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does no...
WordPress Plugin WP AI CoPilot Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin WP AI CoPilot, which...
WordPress Chartify plugin cross-site request forgery vulnerability
The WordPress Chartify plugin is a tool for quickly building charts and graphs in your WordPress site, designed to simplify the process of data visualization. WordPress Chartify plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately...
Microsoft Office Code Execution Vulnerability (CNVD-2025-30659)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. A code execution vulnerability exists in Microsoft Office, which is caused due to a type confusion flaw. An...
WordPress Plugin Download Manager Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Download Manager, which...
Microsoft Word Code Execution Vulnerability (CNVD-2025-30662)
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability to execute arbitrary code on a system...