131179 matches found
MailEnable AddressesBcc Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
WordPress Basel plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in WordPress Basel plugin that stems from an improperly configured access control security level. No details of the vulnerability ar...
WordPress Animation Addons for Elementor plugin SQL Injection Vulnerability
WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...
WordPress Business Directory Plugin Cross-Site Request Forgery Vulnerability
WordPress Business Directory Plugin is a plugin for creating and managing business directories such as business yellow pages, real estate listings, or classified ads on your WordPress website. WordPress Business Directory Plugin suffers from a cross-site request forgery vulnerability that stems...
Microsoft Exchange Server Input Validation Error Vulnerability (CNVD-2025-3057284)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A security vulnerability exists in Microsoft Exchange Server. An attacker could exploit the...
WordPress Essential Widgets plugin cross-site scripting vulnerability
WordPress Essential Widgets plugin is a tool used to enhance the functionality of your website, mainly providing the ability to create and add highly customizable widgets Widgets to help users manage the layout of their website content more flexibly. A cross-site scripting vulnerability exists in...
Microsoft Windows Routing and Remote Access Service Remote Code Execution Vulnerability
Microsoft Windows Routing and Remote Access Service is a network service from Microsoft USA that is used to implement features such as network routing, virtual private networks VPNs and dial-up connections. A remote code execution vulnerability exists in Microsoft Windows Routing and Remote Acces...
Microsoft Outlook Resource Management Error Vulnerability
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A security vulnerability exists in Microsoft Outlook. An attacker could exploit the vulnerability to remotely execute code...
MailEnable Added Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30654)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel due to an untrusted pointer dereference flaw. An attacker could exploit the vulnerability to execute arbitrary code on the system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30658)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Microsoft Excel Code Execution Vulnerability (CNVD-2025-30657)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
WordPress AdForest plugin missing authorization vulnerability
WordPress AdForest plugin is a popular classified ads solution for building an online classified ads platform on your WordPress website. WordPress AdForest plugin suffers from a missing authorization vulnerability that stems from an improperly configured access control security level. No detailed...
WordPress Plugin Download Manager Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Download Manager, which...
Tenda CH22 Buffer Overflow Vulnerability (CNVD-2025-3077012)
The Tenda CH22 is an enterprise-grade wireless router for small to medium-sized businesses or home office environments. It supports single-band 2.4GHz wireless networks with a maximum transmission rate of up to 450Mbps. A buffer overflow vulnerability exists in the Tenda CH22 in version 1.0.0.1...
Nextcloud Calendar Security Feature Issue Vulnerability
Nextcloud Calendar is a Nextcloud open source calendar application. Nextcloud Calendar suffers from a security signature issue vulnerability that stems from an insecure way of generating meeting proposal participant tokens, which can be exploited by an attacker to cause the tokens to be computed...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097500)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
WordPress Plugin SSP Debug Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin SSP Debug, which stems from...
Simple Shopping Cart adminlogin.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097401)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
Employee Profile Management System /view_personnel.php File Cross-Site Scripting Vulnerability
Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...
Online Ordering System /admin File SQL Injection Vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file /admin/. An attacker can exploit this vulnerability t...
Currency Exchange System /editotheraccount.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editotheraccount.php. An attacker can exploit this vulnerabili...
Currency Exchange System /edit.php File SQL Injection Vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of file /edit.php. An attacker can exploit this vulnerability to execute...
Huawei HarmonyOS/EMUI Privilege Control Vulnerability (CNVD-2026-0013655)
Huawei HarmonyOS is Huawei's self-developed distributed operating system, designed for cell phones, tablets, smart homes and other full-scene devices to achieve seamless cross-device collaboration. Huawei EMUI is Huawei's deeply customized mobile operating system based on Android. A privilege...
Command Execution Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1018960)
Ltd. is a deep-rooted enterprise in the field of visualization. A command execution vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to remotely execute commands...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097798)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
WordPress Plugin SurveyFunnel - Survey Plugin for WordPress Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in SurveyFunnel - Survey Plugin for WordPress...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097203)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
UTT aggressive 512W buffer overflow vulnerability (CNVD-2026-0079790)
The UTT Progressive 512W is an enterprise-grade wireless router from Atech UTT designed for small and medium-sized businesses SOHO and similarly sized network environments for access scenarios of 30 to 50 users. The UTT Progressive 512W suffers from a buffer overflow vulnerability, which originat...
Google Android elevation of privilege vulnerability (CNVD-2025-3067712)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause an elevation of physical privileges...
Advantech WISE-DeviceOn Server Hard-Coded Encryption Key Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a hard-coded encryption key vulnerability that can be exploited by an attacker to impersonate an arbitrary account...
Apache HTTP Server Cross-Site Request Forgery Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...
Huawei HarmonyOS Denial of Service Vulnerability (CNVD-2025-3113638)
Huawei HarmonyOS is a distributed operating system developed independently by Huawei Technologies Co. Huawei HarmonyOS suffers from a denial-of-service vulnerability that originates from a denial-of-service vulnerability in Office Services, which can be exploited by an attacker to cause a...
Google Chrome Information Disclosure Vulnerability (CNVD-2025-3038304)
Google Chrome is a web browser from Google, an American company. An information disclosure vulnerability exists in versions of Google Chrome prior to 139.0.7258.66, which stems from the disclosure of side-channel information during navigation and loading, and can be exploited by an attacker to...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data...
Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...
Apache HTTP Server Command Injection Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A command injection vulnerability exists in Apache HTTP Server versions prior to 2.4.66, which stems from modcgid passing a...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-30837)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.30 through 2.4.66 and earlier, which can be exploited by an...
Apache HTTP Server Code Execution Vulnerability (CNVD-2025-30835)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...
Google Android Insecure Defaults Vulnerability
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from an insecure defaults vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097699)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
UTT Progressive 520W Buffer Overflow Vulnerability (CNVD-2026-0079889)
The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that stems from the failure of the parameter pools in the...
Employee Profile Management System /view_personnel.php File SQL Injection Vulnerability
Employee Profile Management System is an employee profile management system. The Employee Profile Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter perid in the file /viewpersonnel.php. An...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability (CNVD-2025-3097104)
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Online Ordering System user_school.php File SQL Injection Vulnerability
Online Ordering System is an online ordering system. Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter productid in the file /userschool.php. An attacker can exploit this...
UTT Progressive 520W Buffer Overflow Vulnerability
The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability, which originates from the parameter addHostFilter in the...
Simple Shopping Cart additems.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter itemname in the file /Admin/additems.php against externally entered SQL statements. An attacker can exploit this...
Huawei HarmonyOS file management app bypasses app lock checksum vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A vulnerability exists in the Huawei HarmonyOS file management app that bypasses the application lock checksum and can be exploited by an attacker to...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-3056050)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which arises from a multi-threaded race condition that can be exploited by an attacker to cause an impac...