Google Chrome Code Problem Vulnerability (CNVD-2025-29235)
Google Chrome is a web browser developed by Google. A security vulnerability exists in Google Chrome versions prior to 142.0.7444.59, which stems from a flaw in the V8 engine's handling of object types. The vulnerability can be exploited by an attacker to trigger heap corruption via a specially...
WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability
WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...
WordPress Category and Product Woocommerce Tabs plugin file inclusion vulnerability
WordPress Category and Product Woocommerce Tabs plugin is a plugin for WordPress websites whose main function is to add custom tabs to WooCommerce product pages to organize and display product information, categories and other content. A file inclusion vulnerability exists in the WordPress...
WordPress Plugin Pixel Manager for WooCommerce Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. WordPress plugin Pixel Manager for WooCommerce has an information disclosure vulnerability, the...
WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability
WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...
WordPress Broken Link Checker by AIOSEO plugin missing authorization vulnerability
WordPress Broken Link Checker by AIOSEO plugin is a tool for detecting and repairing internal and external links on your website, supporting SEO optimization and website maintenance. WordPress Broken Link Checker by AIOSEO plugin suffers from a missing authorization vulnerability, which can be...
WordPress Download Panel plugin unauthorized settings modification vulnerability
WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...
WordPress Live sales notification for WooCommerce plugin missing authorization vulnerability
WordPress Live sales notification for WooCommerce plugin is a real-time sales notification tool designed for WooCommerce e-commerce platform, which displays recent purchases through pop-ups, and utilizes social proof to boost user trust and conversion rates. The WordPress Live sales notification...
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...
WordPress CSV to SortTable plugin cross-site scripting vulnerability
WordPress CSV to SortTable plugin is a WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...
WordPress Like-it plugin cross-site request forgery vulnerability
WordPress Like-it plugin is an extension to add like-it functionality to WordPress blogs, allowing users to perform like-it operations on posts or comments. The WordPress Like-it plugin suffers from a cross-site request forgery vulnerability, which arises from a web application that does not...
Fortinet FortiADC Buffer Overflow Vulnerability (CNVD-2025-29156)
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when an application processes untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...
Fortinet FortiWeb Trust Management Issue Vulnerability
Fortinet FortiWeb is a web application firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
WordPress Gutenify plugin cross-site scripting vulnerability
WordPress Gutenify plugin is a free visual site builder for WordPress that provides Full Site Edit (FSE) functionality to help users quickly build websites with preset blocks and templates. WordPress Gutenify plugin suffers from a cross-site scripting vulnerability that stems from the application's...
WordPress AI Engine plugin server-side request forgery vulnerability
WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, Microsoft Azure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...
Student Record System manage-students.php Component Cross-Site Request Forgery Vulnerability
Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...
School Fees Payment Management System /manage_course.php File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /manage_course.php. An...
Small CRM quote-details.php file SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...
Nero Social Networking Site profilefriends.php file SQL injection vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /profilefriends.php. An attacker can exploit this vulnerability...
Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...
Online Voting System /index.php File SQL Injection Vulnerability
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter id/category in the file /index.php. An attacker can exploit this vulnerability to...
WordPress Icon List Block plugin server-side request forgery vulnerability
WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the Gutenberg block editor. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...
Online Shopping Portal admin page SQL Injection Vulnerability
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...
Siemens Mendix Rich Text Component Cross-Site Scripting Vulnerability
The Mendix Rich Text component is a powerful rich text editor. Create richly formatted text with HTML output. A cross-site scripting vulnerability exists in the Siemens Mendix RichText component, version V4.0.0 through versions prior to V4.6.1, which can be exploited to implant cross-site scripti...
Courier Management System search-edit.php File SQL Injection Vulnerability
Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Consignment in the file /search-edit.php. An attacker can exploit this...
School Fees Payment Management System /ajax.php?action=save_payment File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
Google Chrome Type Confusion Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type confusion vulnerability that stems from type confusion in V8, which can be exploited by an attacker to cause heap corruption...
School Fees Payment Management System /ajax.php?action=login File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement for the parameter Username in the file...
Small CRM manage-tickets.php file cross-site scripting vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the aremark parameter of manage-tickets.php, which can be exploited to execute arbitrary Web scrip...
Online Shopping Portal login.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of externally-entered SQL statements for the fullname, emailid, and contactno parameters in login.php. An attacker can exploit this vulnerability to execute...
Online Shopping Portal forgot-password.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...
Online Shopping Portal product-details.php file SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...
Siemens PS/IGES Parasolid Translator Component Out-of-Bounds Read Vulnerability
The Parasolid Translator Component is a single-format translation toolkit for high-speed end-to-end translation between Parasolid and multiple industry formats such as STEP or IGES. An out-of-bounds read vulnerability exists in versions prior to Siemens PS/IGES Parasolid Translator Component...
Nero Social Networking Site friendsphoto.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendsphoto.php. An attacker can exploit this vulnerability t...
Online Voting System /login.php File SQL Injection Vulnerability
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /login.php. An attacker can exploit this vulnerability to execute...
Online Voting System /index.php File Code Problem Vulnerability
Online Voting System is an online voting system. Online Voting System has a code issue vulnerability that stems from a lack of validation of uploaded files in the page parameter of file /index.php. An attacker can exploit this vulnerability to upload malicious files...
Google Chrome Inappropriate Implementation Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from an inappropriate implementation vulnerability that stems from an inappropriate implementation in V8, which can be exploited by an attacker to exploit heap corruption via specially crafted HTML pages...
Courier Management System add-new-officer.php File SQL Injection Vulnerability
Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ManagerName in the file /add-new-officer.php. An attacker can exploit this...
WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability
The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...
Online Voting System /ajax.php File SQL Injection Vulnerability
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /ajax.php. An attacker can exploit this vulnerability to execute illega...
School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
Google Chrome Type Confusion Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a type confusion vulnerability that stems from type confusion in V8, which can be exploited by an attacker to cause heap corruption...
Complaint Management System user-search.php File Cross-Site Scripting Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...
Apache OpenOffice Security Bypass Vulnerability (CNVD-2025-29167)
Apache OpenOffice is an open source office software suite from the Apache Software Foundation in the U.S. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by an attacker t...
Complaint Management System subcategory.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the subcategory and category parameters in subcategory.php against externally entered SQL statements. The vulnerability ca...
Responsive Hotel Site usersetting.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...
Responsive Hotel Site usersettingdel.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...
Dell SmartFabric OS10 Software Command Injection Vulnerability (CNVD-2025-29162)
Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that originates from improper neutralization of special elements in commands, which can be exploited by an attacker to cause comman...
Apache OpenOffice Security Bypass Vulnerability
Apache OpenOffice is an open source office software suite from the Apache Software Foundation in the U.S. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by an attacker t...
Apache OpenOffice Information Disclosure Vulnerability
Apache OpenOffice is an open source office software suite from the Apache Software Foundation in the U.S. The suite contains text documents, spreadsheets, presentations, drawings, databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...