131179 matches found
WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin, which stems from a privilege checking...
WordPress ProjectList plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. The WordPress ProjectList plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping of parameter ids, which can be exploited by a...
WordPress Chamber Dashboard Business Directory plugin unauthorized data export vulnerability
WordPress Chamber Dashboard Business Directory plugin is a plugin for creating business directories, job boards, real estate, classified ads and other types of directory websites with support for custom forms, image uploads, payment integration and more. The WordPress Chamber Dashboard Business...
WordPress ProjectList plugin arbitrary file upload vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress ProjectList plugin, which stems from a lack of file type validation and can be exploited by an attacker to cause...
WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...
Online Shopping Portal Insecure Direct Object Reference Vulnerability
Online Shopping Portal is an online store. Online Shopping Portal suffers from an insecure direct object reference vulnerability, which stems from the order tracking functionality not properly implementing an access control mechanism that directly references data sent from the client as an object...
WordPress EduKart Pro plugin elevation of privilege vulnerability
WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...
WordPress Refund Request for WooCommerce plugin unauthorized data modification vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Refund Request for WooCommerce plugin, which stems from a lack of privilege checking and can be exploited...
WordPress Plugin Blog2Social: Social Media Auto Post & Scheduler Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Blog2Social: Social Media Auto Post &...
WordPress Locker Content plugin Information Disclosure Vulnerability
The WordPress Locker Content plugin is a tool for locking content in WordPress websites, usually by restricting access through email subscriptions, user permissions, etc. An information disclosure vulnerability exists in WordPress Locker Content plugin, which originates from the lockercosubmitpos...
WordPress Plugin Zweb Social Mobile Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin Zweb Social Mobile, which...
ASUS Router Path Traversal Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to affect the integrity of the devi...
WordPress Plugin YouTube Subscribe Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. The WordPress plugin YouTube Subscribe suffers from a cross-site scripting vulnerability that...
ASUS Router SQL Injection Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally enter...
ASUS Router Command Injection Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A command injection vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the device to execute...
ASUS Router Authentication Bypass Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which can be exploited by an attacker to cause unauthorized devic...
ASUS Router Path Traversal Vulnerability (CNVD-2025-29937)
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. A path traversal vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the integrity of the devic...
WordPress AI Feeds plugin arbitrary file upload vulnerability
WordPress AI Feeds plugin is an open source software that is mainly used to generate and manage feeds for blogs. WordPress AI Feeds plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The vulnerability can be...
WordPress Peer Publish plugin Cross-Site Request Forgery Vulnerability
The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...
WordPress Just Highlight plugin cross-site scripting vulnerability
WordPress Just Highlight plugin is a WordPress plugin mainly used for highlighting code snippets in posts or pages with syntax highlighting support. WordPress Just Highlight plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
Apache Syncope Trust Management Issues Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope has a trust management issue vulnerability that stems from...
AMD uProf Return Value Mishandling Vulnerability
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. A return value mishandling vulnerability exists in AMD uProf, which can be exploited by an attacker to cause a KSLR bypass and loss of...
AMD XOCL driver improper input validation vulnerability (CNVD-2025-29744)
AMD XOCL driver is a driver developed by AMD for OpenCL Open Computing Language, which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...
AMD uProf Input Validation Improperity Vulnerability (CNVD-2025-29739)
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to cause an out-of-bounds write...
Blog Site blog.php File SQL Injection Vulnerability
Blog Site is a blogging system. Blog Site suffers from an SQL injection vulnerability that originates from the lack of validation of the name/field parameter in the file /resources/functions/blog.php for externally typed SQL statements. An attacker can exploit this vulnerability to execute illega...
AMD Xilinx Run Time Buffer Overflow Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. A buffer overflow vulnerability exists in AMD Xilinx Run Time, which can be exploited by an attacker to cause the reading or corrupti...
AMD uProf Input Validation Improperity Vulnerability
AMD uProf is a suite of performance analysis tools from AMD for analyzing the performance of x86 architecture applications on Windows, Linux and FreeBSD systems. AMD uProf suffers from an improper input validation vulnerability that can be exploited by an attacker to write to arbitrary physical...
AMD Xilinx Run Time Elevation of Privilege Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...
Library System index.php File SQL Injection Vulnerability
Library System is a library system. Library System suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Username in the file /index.php. The vulnerability can be exploited by an attacker to execute illegal SQL...
AMD Xilinx Run Time Lockout Insufficient Protection Vulnerability
AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. AMD Xilinx Run Time suffers from a locking protection deficiency vulnerability that can be exploited by an attacker to cause reuse...
Library System return.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /return.php. An attacker can exploit this vulnerability to execute illegal SQL commands ...
AMD XOCL driver improper input validation vulnerability
AMD XOCL driver is a driver developed by AMD for OpenCL Open Computing Language, which is mainly used to support the performance optimization of AMD's GPUs in heterogeneous and parallel computing tasks. An improper input validation vulnerability exists in AMD XOCL driver, which can be exploited b...
Blog Site admin.php file improper authorization vulnerability
Blog Site is a blogging system. Blog Site suffers from an improper authorization vulnerability that originates in the file /admin.php, which can be exploited by an attacker to compromise confidentiality, integrity, and availability...
WordPress Autochat Automatic Conversation plugin unauthorized data modification vulnerability
WordPress Autochat Automatic Conversation plugin is an automated chat plugin designed for WordPress, which is mainly used to automate the communication between website visitors and merchants. WordPress Autochat Automatic Conversation plugin suffers from an unauthorized data modification...
ASUS Router Stack Buffer Overflow Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a stack buffer overflow vulnerability that originates from a boundary error when the application handl...
ASUS Router Authentication Bypass Vulnerability (CNVD-2025-29936)
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An authentication bypass vulnerability exists in ASUS Router, which stems from an unexpected side effect of Samba functionality...
WordPress Frontend File Manager Plugin Insecure Direct Object Reference Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. WordPress Frontend File Manager Plugin suffers from an insecure direct object reference vulnerability that stems...
IBM Concert Encryption Issues Vulnerabilities
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform released in May 2024 by IBM. IBM Concert suffers from a cryptographic issue vulnerability that stems from the use of weak encryption algorithms, which can ...
WordPress Job Board by BestWebSoft plugin cross-site scripting vulnerability
WordPress Job Board by BestWebSoft plugin is WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
Library System mail.php File SQL Injection Vulnerability
Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...
Hostel Management System register-complaint.php file cross-site scripting vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cdetails in the file /register-complaint.php, which can be exploit...
WordPress Conditional Maintenance Mode plugin cross-site request forgery vulnerability
The WordPress Conditional Maintenance Mode plugin is a tool for setting a website to maintenance mode under certain conditions, allowing administrators to flexibly control the enabling and disabling of the maintenance status according to their needs. A cross-site request forgery vulnerability...
ASUS Router Integer Overflow Vulnerability
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. An integer underflow vulnerability exists in ASUS Router, which can be exploited by an attacker to cause the availability of th...
WordPress CIBELES AI plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress CIBELES AI plugin suffers from an arbitrary file upload vulnerability that stems from the application's lack of effective validation of uploaded files. The...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2026-12149)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-925300)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30132)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925298)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Plugin Uncanny Automator Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Uncanny Automator, which...