130931 matches found
Inventory Management System ID Parameter SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that stems from improper handling of the ID parameter in the /admin/products/index.php?view=edit file. No details of the vulnerability are available at this time...
Inventory Management System /admin/login.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...
Desktop Alert PingAlert Improper Access Control Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an improper access control vulnerability that can be exploited by an attacker ...
Desktop Alert PingAlert Elevation of Privilege Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an elevation of privilege vulnerability that stems from improper access...
Desktop Alert PingAlert Information Disclosure Vulnerability (CNVD-2025-29404)
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An information disclosure vulnerability exists in Desktop Alert PingAlert, which stems from a policy incompatibili...
Desktop Alert Unspecified Vulnerability in PingAlert
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an unspecified vulnerability that originates from the disclosure of technical...
Desktop Alert PingAlert Server-Side Request Forgery Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
Desktop Alert PingAlert Path Traversal Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. A path traversal vulnerability exists in Desktop Alert PingAlert, which can be exploited to load arbitrary external...
Google Chrome Fullscreen Improper Implementation Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability in Fullscreen. No details of the vulnerability are provided at this time...
DELL Alienware Command Center Process Control Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. A process control vulnerability exists in DELL Alienware Command Center that stems from improper proce...
DELL Alienware Command Center Elevation of Privilege Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An elevation of privilege vulnerability exists in DELL Alienware Command Center, which stems from an...
TOTOLINK A720R Stack Buffer Overflow Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...
TOTOLINK A950RG Buffer Overflow Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length...
TOTOLINK LR1200GB Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...
Linksys E1200 Stack Buffer Overflow Vulnerability
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
Linksys E1200 Command Injection Vulnerability
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
Inventory Management System PROID Parameter SQL Injection Vulnerability
Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the PROID parameter in the /index.php?q=product file that does not securely filter user input. An attacker can exploit this vulnerability ...
Student Record System register.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of external input SQL statements for multiple parameters in register.php. An attacker can exploit this vulnerability to execute illegal SQL...
SQL Injection Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co. Ltd (CNVD-C-2025-879635)
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00025)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
Directory Traversal Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
Student Information System /index.php File SQL Injection Vulnerability
Student Information System is a student information system. Student Information System has a SQL injection vulnerability that originates from a lack of security filtering of the Username parameter in the /index.php file. No details of the vulnerability are available at this time...
Student Record System add-course.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the course-short, course-full, and cdate parameters in add-course.php. An attacker can exploit this...
D-Link DIR-816L Buffer Overflow Vulnerability
DIR-816L is a wireless router product from D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which originates from the soapcgimain function in the /soap.cgi file that does not perform a valid bounds check on input data. An attacker could use this...
D-Link DIR-816L Buffer Overflow Vulnerability
DIR-816L is a wireless router product from D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from failure to properly validate the input length when manipulating the en parameter of the scandirmain function in the /portal/ajaxexporer.sgi...
D-Link DIR-816L Buffer Overflow Vulnerability
The DIR-816L is a wireless router device from D-Link. A stack-based buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from the genacgimain function in the gena.cgi file improperly handling the SERVERID/HTTPSID parameter. An attacker could use this...
Student Information System editprofile.php File Cross-Site Scripting Vulnerability
Student Information System is a student information system. A cross-site scripting vulnerability exists in the Student Information System, which originates from an unspecified function in the /editprofile.php file that improperly handles user input. An attacker can exploit this vulnerability by...
Student Information System register.php Cross-Site Scripting Vulnerability
Student Information System is a student information system. The Student Information System suffers from a cross-site scripting vulnerability that stems from the mishandling of user input by an unspecified functional component in the /register.php file. An attacker can exploit this vulnerability b...
Student Information System /editprofile.php File SQL Injection Vulnerability
Student Information System is a student information system. Student Information System has a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...
Simple Cafe Ordering System addmem.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the lack of secure filtering of the studentnum parameter in the /addmem.php file. No details of the vulnerability are available at this time...
Simple Cafe Ordering System add_to_cart File Cross Site Scripting Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a cross-site scripting vulnerability that arises from insufficient security filtering of the productname parameter in the /addtocart file. An attacker could use this vulnerability to execu...
Simple Cafe Ordering System login.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the /login.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability to remotely obtain sensitiv...
WordPress Contact Form Email plugin missing authorization vulnerability
WordPress Contact Form Email plugin is a powerful contact form tool that is mainly used to create contact forms and email the submitted data to a specified address, while supporting data storage, report generation and export features. A lack of authorization vulnerability exists in the WordPress...
WordPress Data Tables Generator by Supsystic plugin Arbitrary File Deletion Vulnerability
WordPress Data Tables Generator by Supsystic plugin is a WordPress plugin for creating interactive tables and charts that support data visualization and dynamic content presentation. WordPress Data Tables Generator by Supsystic plugin has an arbitrary file deletion vulnerability that stems from...
WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability
WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...
WordPress Qi Blocks plugin cross-site scripting vulnerability
WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks (81 in total), covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...
WordPress quicq plugin missing capability check vulnerability
WordPress quicq plugin is an image optimization tool designed for WordPress that automatically compresses and resizes images to improve website performance. A missing capability check vulnerability exists in WordPress quicq plugin, which can be exploited by attackers to cause unauthorized data...
WordPress Save as PDF Button plugin cross-site scripting vulnerability
The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content (e.g., articles, product pages, etc.) as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a drag-and-drop form builder plugin designed for WordPress, supporting the creation of multi-step forms, dialog forms and other complex features, so that forms can be built quickly without programming. WordPress SureForms plugin suffers from an information disclosure vulnerability...
WordPress Theater for WordPress plugin missing authorization vulnerability
WordPress Theater for WordPress plugin is a plugin designed for advanced users and developers to manage theater related features such as show scheduling, ticketing system and more. A lack of authorization vulnerability exists in the WordPress Theater for WordPress plugin, which can be exploited b...
Student Record System add-subject.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...
Student Record System change-password.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the currentpassword parameter of change-password.php. An attacker can exploit this vulnerability to...
Student Record System password-recovery.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for the id and emailid parameters in password-recovery.php. An attacker can exploit this vulnerability to...
Student Record System admin-profile.php file cross-site scripting vulnerability
Student Record System is a software application. Student Record System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the adminname and aemailid parameters of admin-profile.php, which can be exploited to...
WordPress Booking Manager plugin cross-site scripting vulnerability
WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...
WordPress Booster for WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...
WordPress ChatBot plugin missing authorization vulnerability
WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...
WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability
WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...
WordPress WooCommerce PDF Invoice Builder plugin missing license vulnerability
WordPress WooCommerce PDF Invoice Builder plugin is an invoice and packing slip generation tool designed for the WooCommerce e-commerce platform, supporting customized templates, multi-language, conditional generation and other features, to help merchants create professional documents in line with the bran...