Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...

4.3CVSS6.8AI score0.0022EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

WordPress ProjectList plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...

4.9CVSS8.3AI score0.00275EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•2 views

WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability

WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...

5.3CVSS6.8AI score0.00245EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•2 views

WordPress ProjectList plugin arbitrary file upload vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress ProjectList plugin, which stems from a lack of file type validation and can be exploited by an attacker to cause...

7.2CVSS8.3AI score0.00548EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

5.3CVSS6.4AI score0.00231EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

Online Shopping Portal Insecure Direct Object Reference Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...

4.3CVSS6.7AI score0.00218EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•6 views

WordPress EduKart Pro plugin elevation of privilege vulnerability

WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...

9.8CVSS7.2AI score0.00312EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•1 views

WordPress Refund Request for WooCommerce plugin unauthorized data modification vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...

4.3CVSS7AI score0.00163EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•10 views

WordPress Plugin Blog2Social: Social Media Auto Post & Scheduler Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Blog2Social: Social Media Auto Post &...

5.4CVSS6.4AI score0.00225EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•15 views

WordPress Locker Content plugin Information Disclosure Vulnerability

The WordPress Locker Content plugin is a tool for locking content in WordPress websites, usually by restricting access through email subscriptions, user permissions, etc. An information disclosure vulnerability exists in WordPress Locker Content plugin, which originates from the lockercosubmitpos...

5.3CVSS6.2AI score0.00262EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

WordPress Plugin Zweb Social Mobile Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Zweb Social Mobile, which...

4.4CVSS5.9AI score0.00158EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

ASUS Router Path Traversal Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to affect the integrity of the devi...

8.2CVSS6.8AI score0.00641EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

WordPress Plugin YouTube Subscribe Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...

4.4CVSS5.9AI score0.00201EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

ASUS Router SQL Injection Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally enter...

5.9CVSS7.9AI score0.00427EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

ASUS Router Command Injection Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A command injection vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the device to execute...

7.5CVSS7.8AI score0.00957EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

ASUS Router Authentication Bypass Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which can be exploited by an attacker to cause unauthorized devic...

7.5CVSS7AI score0.00735EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

ASUS Router Path Traversal Vulnerability (CNVD-2025-29937)

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the integrity of the devic...

6.9CVSS6.8AI score0.00567EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•13 views

WordPress AI Feeds plugin arbitrary file upload vulnerability

WordPress AI Feeds plugin is an open source software that is mainly used to generate and manage feeds for blogs. WordPress AI Feeds plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The vulnerability can be...

9.8CVSS7.9AI score0.00875EPSS
Exploits3References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•10 views

WordPress Peer Publish plugin Cross-Site Request Forgery Vulnerability

The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...

4.3CVSS6.8AI score0.00131EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•15 views

WordPress Just Highlight plugin cross-site scripting vulnerability

WordPress Just Highlight plugin is a WordPress plugin mainly used for highlighting code snippets in posts or pages with syntax highlighting support. WordPress Just Highlight plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

4.4CVSS6.2AI score0.00195EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

Apache Syncope Trust Management Issues Vulnerability

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...

7.5CVSS7AI score0.00448EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

AMD uProf Return Value Mishandling Vulnerability

AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. A return value mishandling vulnerability exists in AMD uProf, which can be exploited by an attacker to cause a KSLR bypass and loss of...

7.1CVSS6.9AI score0.00112EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

AMD XOCL driver improper input validation vulnerability (CNVD-2025-29744)

AMD XOCL driver is a driver developed by AMD for OpenCL Open Computing Language, which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...

8CVSS7.1AI score0.00118EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

AMD uProf Input Validation Improperity Vulnerability (CNVD-2025-29739)

AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to cause an out-of-bounds write...

5.5CVSS7AI score0.00099EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

Blog Site blog.php File SQL Injection Vulnerability

Blog Site is a blogging system. Blog Site suffers from an SQL injection vulnerability that originates from the lack of validation of the name/field parameter in the file /resources/functions/blog.php for externally typed SQL statements. An attacker can exploit this vulnerability to execute illega...

8.8CVSS8.2AI score0.00261EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•4 views

AMD Xilinx Run Time Buffer Overflow Vulnerability

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. A buffer overflow vulnerability exists in AMD Xilinx Run Time, which can be exploited by an attacker to cause the reading or corrupti...

7.3CVSS7.4AI score0.00114EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

AMD uProf Input Validation Improperity Vulnerability

AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to write to arbitrary physical...

5.5CVSS6.8AI score0.00099EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

AMD Xilinx Run Time Elevation of Privilege Vulnerability

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...

5.7CVSS7.3AI score0.00094EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

Library System index.php File SQL Injection Vulnerability

Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...

9.8CVSS8.3AI score0.00346EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

AMD Xilinx Run Time Lockout Insufficient Protection Vulnerability

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. AMD Xilinx Run Time suffers from a locking protection deficiency vulnerability that can be exploited by an attacker to cause reuse...

7.3CVSS6.9AI score0.00081EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•2 views

Library System return.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /return.php. An attacker can exploit this vulnerability to execute illegal SQL commands ...

8.8CVSS8.3AI score0.00273EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

AMD XOCL driver improper input validation vulnerability

AMD XOCL driver is a driver developed by AMD for OpenCL Open Computing Language, which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...

7.3CVSS7AI score0.00112EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•6 views

Blog Site admin.php file improper authorization vulnerability

Blog Site is a blogging system. Blog Site suffers from an improper authorization vulnerability that originates in the file /admin.php, which can be exploited by an attacker to compromise confidentiality, integrity, and availability...

8.8CVSS6.8AI score0.00255EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•2 views

WordPress Autochat Automatic Conversation plugin unauthorized data modification vulnerability

WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...

5.3CVSS7.1AI score0.00244EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

ASUS Router Stack Buffer Overflow Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a stack buffer overflow vulnerability that originates from a boundary error when the application handl...

6.9CVSS7.3AI score0.00395EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•8 views

ASUS Router Authentication Bypass Vulnerability (CNVD-2025-29936)

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...

9.2CVSS7.3AI score0.15404EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•20 views

WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...

4.3CVSS6.8AI score0.00202EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

IBM Concert Encryption Issues Vulnerabilities

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...

7.5CVSS6.7AI score0.00157EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•18 views

WordPress Job Board by BestWebSoft plugin cross-site scripting vulnerability

WordPress Job Board by BestWebSoft plugin is WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

6.1CVSS6.1AI score0.00224EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

Library System mail.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...

8.8CVSS8.3AI score0.00273EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•5 views

Hostel Management System register-complaint.php file cross-site scripting vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cdetails in the file /register-complaint.php, which can be exploit...

5.4CVSS6.3AI score0.00189EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•21 views

WordPress Conditional Maintenance Mode plugin cross-site request forgery vulnerability

The WordPress Conditional Maintenance Mode plugin is a tool for setting a website to maintenance mode under certain conditions, allowing administrators to flexibly control the enabling and disabling of the maintenance status according to their needs. A cross-site request forgery vulnerability...

4.3CVSS6.9AI score0.00144EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•3 views

ASUS Router Integer Overflow Vulnerability

ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An integer underflow vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the availability of th...

6CVSS6.8AI score0.00363EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/27 12:0 a.m.•28 views

WordPress CIBELES AI plugin Arbitrary File Upload Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...

9.8CVSS7.9AI score0.00875EPSS
Exploits3References1
cnvd
cnvd
•added 2025/11/26 12:0 a.m.•2 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2026-12149)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/26 12:0 a.m.•8 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•8 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-925300)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•5 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30132)

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

4.3CVSS6.8AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925298)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

WordPress Plugin Uncanny Automator Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Uncanny Automator, which...

4.3CVSS5.6AI score0.00228EPSS
Exploits0References1
Total number of security vulnerabilities131179