WordPress Plugin OneClick Chat to Order Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. It can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin OneClick Chat to Order,...
WordPress Appointment Booking Calendar plugin missing authorization vulnerability
The WordPress Appointment Booking Calendar plugin is a tool for creating and managing an appointment system on a WordPress website, supporting calendar views, form customization, email notifications and other features for clinics, gyms, beauty salons and similar scenarios. The WordPress Appointment...
WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability
The WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
WordPress Plugin CP Contact Form with PayPal Has Unspecified Vulnerability
WordPress is a blogging platform developed in PHP. It can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin CP Contact Form with PayPal, which stem...
WordPress Accordion Slider plugin cross-site scripting vulnerability
The WordPress Accordion Slider plugin is a plugin for creating collapsible accordion sliders. The WordPress Accordion Slider plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
WordPress Arconix Shortcodes plugin missing authorization vulnerability
The WordPress Arconix Shortcodes plugin is a multifunctional WordPress plugin that offers a wide range of shortcode functionality and supports adding accordions, labels, buttons and other elements to a website. The WordPress Arconix Shortcodes plugin suffers from a missing authorization...
SQL Injection Vulnerability in RB Enterprise Management System of Shanghai Ruifang Technology Co.
RB Enterprise Management System is a zero-code, open source and free enterprise management system. RB Enterprise Management System of Shanghai Ruifang Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the databa...
Tenda AC21 saveParentControlInfo File Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
IBM Concert Information Disclosure Vulnerability
IBM Concert is a generative AI-driven automated application management and monitoring tool based on the watsonx platform, released by IBM in May 2024. IBM Concert suffers from an information disclosure vulnerability that stems from uncontrolled recursive directory replication,...
Revive Adserver stats-conversions.php script cross-site scripting vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Microsoft Application Gateway Elevation of Privilege Vulnerability
Microsoft Application Gateway is an application gateway from Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Application Gateway, which can be exploited by an attacker to elevate privileges...
Revive Adserver Uncontrolled Resource Consumption Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
COVID Tracking System SQL Injection Vulnerability
The COVID Tracking System is a COVID-19 tracking system. The COVID Tracking System suffers from a SQL injection vulnerability that stems from the /admin/?page=state file not securely filtering the ID parameter. The vulnerability can be exploited by an attacker to illegally obtain...
D-Link DWR-M920 sub_41C7FC function buffer overflow vulnerability
The D-Link DWR-M920 is a 4G LTE wireless router manufactured by Youxun D-Link. The D-Link DWR-M920 suffers from a buffer overflow vulnerability that originates from malicious manipulation of the submit-url parameter of the sub_41C7FC function in the /boafrm/formPinManageSetup file. An attacker can...
Apache Causeway Deserialization Vulnerability
Apache Causeway is a Java rapid application development framework from the Apache Foundation. Apache Causeway suffers from a deserialization vulnerability that originates from unsafe deserialization of user-controllable URL parameters when receiving serialized data submitted by the user, which...
Tenda AC21 SetIpMacBind File Stack Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
UTT Progressive 750W Command Injection Vulnerability
The UTT Progressive 750W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 750W suffers from a command injection vulnerability that stems from the failure of the parameter...
Complete Online Beauty Parlor Management System /customer-list.php file cross-site scripting vulnerability
Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Name ...
Tenda AC21 SetSysTimeCfg File Stack Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
Tenda AC21 saveParentControlInfo File Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
IBM Concert Improper Output Neutralization Vulnerability
IBM Concert is a generative AI-driven automated application management and monitoring tool based on the watsonx platform, released by IBM in May 2024. IBM Concert suffers from an improper output neutralization vulnerability that can be exploited by an attacker to cause a forge...
IBM Concert Information Disclosure Vulnerability (CNVD-2026-07114)
IBM Concert is a generative AI-driven automated application management and monitoring tool based on the watsonx platform, announced by IBM in May 2024 at the IBM Think conference in Boston, USA. IBM Concert suffers from an information disclosure vulnerability that stems from t...
IBM Concert Encryption Problem Vulnerability (CNVD-2025-29669)
IBM Concert is a generative AI-driven automated application management and monitoring tool based on the watsonx platform, released by IBM in May 2024. IBM Concert suffers from a cryptographic issue vulnerability that stems from not properly enabling HTTP Strict Transport...
Tenda AC21 SetSysAutoRebbotCfg File Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
Tenda AC21 setPptpUserList Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
Revive Adserver Username In-Blank Neutralization and Improper Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver banner-zone.php script cross-site scripting vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29421)
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29419)
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver User Management System Design Insecurity Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver has a user...
Revive Adserver Format Character Neutralization Malpractice Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Cross-Site Scripting Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Missing Authorization Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Authorization Bypass Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
IBM Concert Cross-Site Scripting Vulnerability
IBM Concert is a generative AI-driven automated application management and monitoring tool based on the watsonx platform, released by IBM in May 2024. IBM Concert suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering an...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29420)
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Revive Adserver Information Disclosure Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms (e.g., websites, apps, video players) and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
UFIDA U9 Multi-Organization Enterprise Internet Application Platform of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
Tenda AC21 SetVirtualServerCfg File Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate of up to 2033 Mbps, of which the 5 GHz band provides up to 1733 Mbps, to meet high-bandwidth applications such as ...
WordPress Plugin New User Approve Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. It can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin New User Approve, which...
WordPress Booking for Appointments plugin input validation error vulnerability
The WordPress Booking for Appointments plugin is a tool for implementing appointment management on WordPress websites. The WordPress Booking for Appointments plugin suffers from an input validation error vulnerability that stems from a lack of validation for the tslotapptemail AJAX action, which can ...
WordPress Community Events plugin SQL Injection Vulnerability
The WordPress Community Events plugin is an event management plugin for the WordPress platform, mainly used to create and display an event calendar, with support for AJAX dynamic loading and event submission forms. The WordPress Community Events plugin suffers from a SQL injection vulnerability tha...
WordPress Plugin Quiz Maker Information Disclosure Vulnerability
WordPress is a blogging platform developed in PHP. It can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Quiz Maker, which stems...
Google Chrome Code Problem Vulnerability (CNVD-2025-29236)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...
Google Chrome Code Problem Vulnerability (CNVD-2025-29234)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome prior to version 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...
Command Execution Vulnerability in DH2100+ NAS of Shenzhen Greenlink Technology Co.
The DH2100+ NAS is a two-drive network attached storage device designed for home and personal users. A command execution vulnerability exists in the Shenzhen Greenlink DH2100+ NAS, which can be exploited by attackers to remotely execute commands...
WordPress Code Snippets plugin code injection vulnerability
The WordPress Code Snippets plugin is a plugin for WordPress that makes it convenient to add and manage custom code snippets without directly modifying the theme files. The WordPress Code Snippets plugin suffers from a code injection vulnerability that stems from the evaluateshortcodefromflatfile...
Tenda CH22 Buffer Overflow Vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter chkHz in the file /goform/WrlExtraGet that fails to correctly validate the length of the input data, and can be exploited by an attacker t...
Google Chrome code issue vulnerability (CNVD-2025-29233)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via specially...
Google Chrome Code Problem Vulnerability (CNVD-2025-29232)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...