Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

AMD CPU Entropy Mishandling Vulnerability

AMD CPUs are a family of CPUs from AMD. AMD CPUs suffer from an entropy mishandling vulnerability, no details of the vulnerability are provided at this time...

7.2CVSS6.9AI score0.00159EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress EchBay Admin Security plugin cross-site scripting vulnerability

WordPress EchBay Admin Security plugin is a once widely used security tool designed to provide an extra layer of protection for the WordPress admin backend. The WordPress EchBay Admin Security plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.1CVSS6.1AI score0.00179EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability

WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...

5.3CVSS6.6AI score0.00255EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

WordPress Checkbox plugin unauthorized data loss vulnerability

WordPress Checkbox plugin are functional plugins designed to add or enhance checkbox functionality to a website. WordPress Checkbox plugin suffers from an unauthorized data loss vulnerability that stems from a lack of permission checking, which can be exploited by an attacker to cause unauthorize...

5.3CVSS6.8AI score0.002EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

4.3CVSS6.8AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress Gutenverse plugin missing license vulnerability

The WordPress Gutenverse plugin is a plugin built specifically for WordPress sites, designed to enhance the Gutenberg editor and provide a richer page design and editing experience. WordPress Gutenverse plugin suffers from a missing authorization vulnerability that can be exploited by attackers t...

5.3CVSS6.6AI score0.00219EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

WordPress Gutenverse Form plugin missing authorization vulnerability

WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...

7.3CVSS6.8AI score0.00278EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Bulma Shortcodes plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bulma Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

6.4CVSS6.1AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unsafe direct object reference vulnerability

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...

4.3CVSS6.8AI score0.00258EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•1 views

WordPress Custom Post Type plugin Cross-Site Request Forgery Vulnerability

WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...

4.3CVSS6.8AI score0.00108EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress AudioTube plugin cross-site scripting vulnerability

WordPress AudioTube plugin is an open source audio player plugin for the WordPress platform, mainly used to embed and play audio content on the website. WordPress AudioTube plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

6.4CVSS6AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Plugin Accessibility Toolkit by WebYes Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Accessibility Toolkit by WebYes, which...

4.3CVSS6.6AI score0.00181EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Cart Weight for WooCommerce plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Cart Weight for WooCommerce plugin, which can be exploited by an attacker to leverage a misconfigured access contro...

5.3CVSS6.8AI score0.00181EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

WordPress I Order Terms plugin cross-site request forgery vulnerability

WordPress I Order Terms plugin is a plugin that adds sorting or ordering functionality to WordPress taxonomies such as taxonomies, tags, and custom taxonomies. The WordPress I Order Terms plugin suffers from a cross-site request forgery vulnerability that stems from a web application that does no...

4.3CVSS6.7AI score0.00101EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•5 views

WordPress Chat Help plugin missing authorization vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...

5.3CVSS6.8AI score0.00193EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Accordion Slider plugin cross-site scripting vulnerability

WordPress Accordion Slider plugin is a plugin for creating collapsible sliders AccordionSlider. The WordPress Accordion Slider plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

6.5CVSS6.1AI score0.00134EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress Plugin LearnPress Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...

5.3CVSS6AI score0.00934EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•6 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30133)

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

4.3CVSS6.8AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•7 views

SQL Injection Vulnerability in RB Enterprise Management System of Shanghai Ruifang Technology Co.

RB Enterprise Management System is a zero-code, open source and free enterprise management system. RB Enterprise Management System of Shanghai Ruifang Technology Co., Ltd. suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the databa...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•6 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-923949)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•7 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30131)

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...

5.3CVSS6.9AI score0.00253EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•5 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-921601)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress ELEX WordPress HelpDesk&Customer Ticketing System plugin missing privilege check vulnerability

WordPress ELEX WordPress HelpDesk& Customer Ticketing System plugin is a helpdesk and customer work order system plugin designed for WordPress websites, designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk& Customer Ticketing...

4.3CVSS6.8AI score0.00168EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-925280)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•7 views

WordPress BrightTALK Shortcode plugin cross-site scripting vulnerability

The WordPress BrightTALK Shortcode plugin is a plugin for WordPress designed to integrate BrightTALK's webinar functionality through shortcodes. The WordPress BrightTALK Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filterin...

6.4CVSS6AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925115)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress Bold Page Builder plugin cross-site scripting vulnerability

WordPress Bold Page Builder plugin is a WordPress page builder plugin that supports drag and drop editing and real-time front and back end previews for quickly creating responsive web page layouts. WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems fro...

6.3CVSS5.9AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924158)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

WordPress Appointment Booking Calendar plugin missing authorization vulnerability

WordPress Appointment Booking Calendar plugin is a tool for creating and managing an appointment system on your WordPress website, supporting calendar view, form customization, email notifications and other features for clinics, gyms, beauty salons and other scenarios. The WordPress Appointment...

5.3CVSS6.7AI score0.00249EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•6 views

WordPress Plugin OneClick Chat to Order Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin OneClick Chat to Order,...

7.5CVSS6AI score0.00322EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability

WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...

5.3CVSS6.5AI score0.00271EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Plugin CP Contact Form with PayPal Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin CP Contact Form with PayPal, which stem...

7.5CVSS6.5AI score0.00331EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924847)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-926218)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925400)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•2 views

AMD StoreMI Default Privilege Misconfiguration Vulnerability

AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes the location of data storage to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a default privilege...

7.3CVSS7.7AI score0.00127EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•1 views

AMD StoreMI DLL Hijacking Vulnerability

AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes data storage locations to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a DLL hijacking vulnerabili...

7.3CVSS7.7AI score0.00127EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•3 views

WordPress Display Pages Shortcode plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

6.4CVSS6.1AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•5 views

WordPress Import WP plugin Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...

5.3CVSS6.1AI score0.00228EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•4 views

AMD CPUs have an unspecified vulnerability

AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...

5.3CVSS6.9AI score0.00096EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•9 views

WordPress Custom Order Numbers for WooCommerce plugin missing authorization vulnerability

The WordPress Custom Order Numbers for WooCommerce plugin is an open source plugin for WooCommerce an e-commerce plugin for WordPress designed to allow users to customize the rules for generating order numbers. WordPress Custom Order Numbers for WooCommerce plugin suffers from a missing...

9.8CVSS6.7AI score0.00289EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•7 views

WordPress Arconix Shortcodes plugin missing authorization vulnerability

WordPress Arconix Shortcodes plugin is a multifunctional WordPress plugin that offers a wide range of shortcodes functionality and supports the addition of accordions, labels, buttons and other elements to your website. WordPress Arconix Shortcodes plugin suffers from a missing authorization...

4.3CVSS6.6AI score0.00167EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•8 views

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

6.4CVSS5.9AI score0.0019EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•6 views

WordPress Better Chat Support for Messenger plugin missing license vulnerability

WordPress Better Chat Support for Messenger plugin is a live chat feature for WordPress websites that supports FacebookMessenger integration, allowing users to communicate with visitors instantly through a chat window. The WordPress Better Chat Support for Messenger plugin suffers from a missing...

5.4CVSS6.6AI score0.00187EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•5 views

WordPress Plugin Seriously Simple Podcasting Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Seriously Simple...

5.3CVSS6AI score0.00248EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•14 views

WordPress Affiliate AI Lite plugin cross-site scripting vulnerability

WordPress Affiliate AI Lite plugin is an affiliate marketing plugin for WordPress designed to help users boost traffic and revenue through customer referral and promotion programs. The WordPress Affiliate AI Lite plugin suffers from a cross-site scripting vulnerability that stems from the...

6.4CVSS6AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/25 12:0 a.m.•18 views

WordPress AuthorSure plugin cross-site request forgery vulnerability

WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...

6.1CVSS6.8AI score0.00101EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•3 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29420)

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

6.3CVSS6.3AI score0.00436EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

Tenda AC21 SetVirtualServerCfg File Buffer Overflow Vulnerability

Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...

4.3CVSS7.4AI score0.00216EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/24 12:0 a.m.•4 views

UTT Progressive 750W Command Injection Vulnerability

The UTT Progressive 750W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 750W suffers from a command injection vulnerability that stems from the failure of the parameter...

9.8CVSS7.7AI score0.17978EPSS
Exploits1References1
Total number of security vulnerabilities131179