ZTE ElasticNet UME R32 on Linux Mismanagement of Privileges Vulnerability
ZTE ElasticNet UME R32 is a service management and traffic processing platform from China's ZTE Corporation (ZTE). A mismanagement of privileges vulnerability exists in ZTE ElasticNet UME R32 on Linux, which can be exploited by an attacker to gain access to functionality that is not properly...
Apache Hive SQL Injection Vulnerability
Apache Hive is a set of data warehouse software based on the Hadoop distributed systems infrastructure from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...
Cisco Catalyst Center Cross-Site Scripting Vulnerability
Cisco Catalyst Center (Cisco DNA Center) is a network management system from the American company Cisco. Cisco Catalyst Center suffers from a cross-site scripting vulnerability that stems from insufficient user input validation. An attacker could exploit the vulnerability to cause cross-site...
WordPress TAX SERVICE Electronic HDM Missing Authorization Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in WordPress TAX SERVICE Electronic HDM, which stems from a lack of authorization and CSRF checks in AJAX operations. An attacker...
Cisco Catalyst Center Operating System Command Injection Vulnerability
Cisco Catalyst Center (Cisco DNA Center) is a network management system from the American company Cisco. Cisco Catalyst Center (Cisco DNA Center) suffers from an operating system command injection vulnerability that stems from insufficient user input validation. An attacker could exploit this...
Wireshark Buffer Overflow Vulnerability (CNVD-2025-30215)
Wireshark (formerly Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark version 4.6.0 suffers from a buffer overflow vulnerability that stems from a BPv7 pars...
FastAdmin Arbitrary File Read Vulnerability of Shenzhen Extreme Creative Technology Co.
FastAdmin is an open source and free commercial backend development framework, built on ThinkPHP and Bootstrap, with a comprehensive permission management system and one-click generation of CRUD and other powerful features. Shenzhen Extreme Creative Technology Co. FastAdmin arbitrary file reading...
WordPress Plugin YouTube Subscribe Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...
WordPress Plugin Zweb Social Mobile Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Zweb Social Mobile, which...
WordPress Ace Post Type Builder plugin unauthorized custom taxonomy removal vulnerability
WordPress Ace Post Type Builder plugin is a plugin for creating and managing Custom Post Types (CPT), which helps users to extend the content structure in WordPress with support for advanced features such as custom fields, categories and tags. WordPress Ace Post Type Builder plugin...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
WordPress Autochat Automatic Conversation plugin unauthorized data modification vulnerability
WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...
WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability
WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...
WordPress Conditional Maintenance Mode plugin cross-site request forgery vulnerability
The WordPress Conditional Maintenance Mode plugin is a tool for setting a website to maintenance mode under certain conditions, allowing administrators to flexibly control the enabling and disabling of the maintenance status according to their needs. A cross-site request forgery vulnerability...
WordPress iframe plugin cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
WordPress Job Board by BestWebSoft plugin cross-site scripting vulnerability
WordPress Job Board by BestWebSoft plugin is a WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress Locker Content plugin Information Disclosure Vulnerability
The WordPress Locker Content plugin is a tool for locking content in WordPress websites, usually by restricting access through email subscriptions, user permissions, etc. An information disclosure vulnerability exists in WordPress Locker Content plugin, which originates from the lockercosubmitpos...
WordPress Peer Publish plugin Cross-Site Request Forgery Vulnerability
The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...
ASUS Router Authentication Bypass Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which can be exploited by an attacker to cause unauthorized devic...
ASUS Router Command Injection Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A command injection vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the device to execute...
WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...
WordPress ProjectList plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...
WordPress ProjectList plugin arbitrary file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress ProjectList plugin, which stems from a lack of file type validation and can be exploited by an attacker to cause...
WordPress Refund Request for WooCommerce plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...
ASUS Router Integer Overflow Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An integer underflow vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the availability of th...
ASUS Router Authentication Bypass Vulnerability (CNVD-2025-29936)
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...
ASUS Router Path Traversal Vulnerability (CNVD-2025-29937)
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the integrity of the devic...
ASUS Router Stack Buffer Overflow Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a stack buffer overflow vulnerability that originates from a boundary error when the application handl...
ASUS Router SQL Injection Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally enter...
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin unauthorized access vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a lack of privilege...
WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...
ASUS Router Path Traversal Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to affect the integrity of the devi...
WordPress Just Highlight plugin cross-site scripting vulnerability
WordPress Just Highlight plugin is a WordPress plugin mainly used for highlighting code snippets in posts or pages with syntax highlighting support. WordPress Just Highlight plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
Online Shopping Portal Insecure Direct Object Reference Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...
WordPress CIBELES AI plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...
WordPress AI Feeds plugin arbitrary file upload vulnerability
WordPress AI Feeds plugin is an open source software that is mainly used to generate and manage feeds for blogs. WordPress AI Feeds plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The vulnerability can be...
WordPress EduKart Pro plugin elevation of privilege vulnerability
WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...
Hostel Management System register-complaint.php file cross-site scripting vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cdetails in the file /register-complaint.php, which can be exploit...
Library System index.php File SQL Injection Vulnerability
Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...
Blog Site admin.php file improper authorization vulnerability
Blog Site is a blogging system. Blog Site suffers from an improper authorization vulnerability that originates in the file /admin.php, which can be exploited by an attacker to compromise confidentiality, integrity, and availability...
Blog Site blog.php File SQL Injection Vulnerability
Blog Site is a blogging system. Blog Site suffers from an SQL injection vulnerability that originates from the lack of validation of the name/field parameter in the file /resources/functions/blog.php for externally typed SQL statements. An attacker can exploit this vulnerability to execute illega...
Library System mail.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...
AMD uProf Improper Input Validation Vulnerability
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to write to arbitrary physical...
AMD uProf Return Value Mishandling Vulnerability
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. A return value mishandling vulnerability exists in AMD uProf, which can be exploited by an attacker to cause a KASLR bypass and loss of...
AMD Xilinx Run Time Buffer Overflow Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. A buffer overflow vulnerability exists in AMD Xilinx Run Time, which can be exploited by an attacker to cause the reading or corrupti...
AMD XOCL driver improper input validation vulnerability (CNVD-2025-29744)
AMD XOCL driver is a driver developed by AMD for OpenCL (Open Computing Language), which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...
AMD XOCL driver improper input validation vulnerability
AMD XOCL driver is a driver developed by AMD for OpenCL (Open Computing Language), which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...
AMD uProf Improper Input Validation Vulnerability (CNVD-2025-29739)
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to cause an out-of-bounds write...
IBM Concert Cryptographic Issue Vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...
Library System return.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /return.php. An attacker can exploit this vulnerability to execute illegal SQL commands ...