130931 matches found
WordPress WooCommerce Ultimate Points And Rewards plugin Information Disclosure Vulnerability
WordPress WooCommerce Ultimate Points And Rewards plugin is a points and rewards management tool designed for WooCommerce, which awards points for customer behavior (e.g., purchases, registrations, comments) and supports redemption of discounts, coupons or free products, aiming to increas...
WordPress WP Content Pilot plugin missing authorization vulnerability
WordPress WP Content Pilot plugin is an automated content capture plugin designed for WordPress that supports grabbing content from multiple platforms (e.g., Amazon, Pinterest, Instagram) and posting it to the site automatically. A missing authorization vulnerability exists in the WordPress WP...
WordPress WP Headless CMS Framework plugin protection mechanism bypass vulnerability
The WordPress WP Headless CMS Framework plugin is a tool for converting WordPress to a headless CMS (headless content management system), separating content management from front-end presentation via REST API or GraphQL interfaces. The WordPress WP Headless CMS Framework plugin suffers from a protectio...
WordPress WP Manager plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...
Simple Online Hotel Reservation System add_query_reserve.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /add_query_reserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...
WordPress Content Flipper plugin cross-site scripting vulnerability
WordPress Content Flipper plugin is an open source WordPress plugin, mainly used for content display and interactive features. A cross-site scripting vulnerability exists in the WordPress Content Flipper plugin, which stems from insufficient input sanitization and output escaping of the parameter...
WordPress WPKoi Templates for Elementor plugin missing authorization vulnerability
WordPress WPKoi Templates for Elementor plugin is a template plugin designed for Elementor page builder, offering 400+ preset templates and dynamic elements to help users quickly create visual websites. The WordPress WPKoi Templates for Elementor plugin suffers from a missing authorization...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...
WordPress Survey Maker plugin missing capability check vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...
Desktop Alert Unspecified Vulnerability in PingAlert (CNVD-2025-29434)
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An unspecified vulnerability exists in Desktop Alert PingAlert, which arises from the presence of corrupt or insecu...
TOTOLINK A950RG Command Injection Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a command injection vulnerability that stems from a failure to properly filter construct...
mall-swarm authorization issue vulnerability (CNVD-2026-10878)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder. No vulnerability details are provided...
Desktop Alert PingAlert Improper Access Control Vulnerability (CNVD-2025-29430)
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an Improper Access Control vulnerability that stems from improper access...
Desktop Alert PingAlert Cross-Site Scripting Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability for which no detailed vulnerability...
WordPress Booster for WooCommerce Plugin Missing Authorization Vulnerability
WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...
mall-swarm authorization issue vulnerability (CNVD-2026-10879)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the detail function in the file /order/detail. No details of the vulnerability are provided at this time...
Student Information System searchquery.php File SQL Injection Vulnerability
Student Information System is a student information system. The Student Information System suffers from a SQL injection vulnerability that originates from the parameter s in the /searchquery.php file that does not effectively filter user input. An attacker can exploit this vulnerability by...
Google Chrome on iOS Internals Use-After-Free Vulnerability
Google Chrome on iOS is a mobile browser designed by Google for Apple cell phone users, supporting cross-device synchronization, multi-tab browsing, voice search and other features to provide a smooth web browsing experience. Google Chrome on iOS suffers from an Internals use-after-free...
Inventory Management System /LogSignModal.PHP File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that originates from improper handling of the UUSERNAME parameter in the /LogSignModal.PHP file. No details of the vulnerability are available at this time...
Google Chrome Code Problem Vulnerability (CNVD-2025-29238)
Google Chrome is a web browser developed by Google. A security vulnerability exists in the compositing feature in Google Chrome prior to version 140.0.7339.80, which stems from a flaw in the compositing module's handling of UI elements. The vulnerability can be exploited by an attacker to conduct...
WordPress Survey Maker plugin unauthorized access vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. An unauthorized access vulnerability exists in the WordPress Survey Maker plugin, which stems from a lack...
Desktop Alert PingAlert Information Disclosure Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an information disclosure vulnerability that originates from the exposure of...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-859399)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-859401)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2025-29963)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which is caused by an untrusted pointer dereference. An attacker could exploit the vulnerability to obtain sensitive information...
WordPress Asgaros Forum plugin cross-site request forgery vulnerability
WordPress Asgaros Forum plugin is a lightweight forum plugin designed for WordPress that supports the rapid creation and management of forum pages, providing basic posting, replying, user management and other functions. The WordPress Asgaros Forum plugin suffers from a cross-site request forgery...
Intel CIP elevation of privilege vulnerability (CNVD-2025-28465)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from mismanagement of privileges and can be exploited by an attacker to cause elevation of...
Intel CIP Elevation of Privilege Vulnerability
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from improper privilege management and can be exploited by an attacker to cause elevation of...
WordPress Plugin Document Pro Elementor Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Document Pro Elementor has an information disclosure vulnerability, the...
Rockwell Automation Studio 5000 Simulation Interface Code Execution Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. A code execution vulnerability exists in Rockwell Automation Studio 5000 Simulation Interface, which can be exploited by an attacker to cause scripts to be executed with administrator...
Rockwell Automation Studio 5000 Simulation Interface Server-Side Request Forgery Vulnerability
Rockwell Automation Studio 5000 Simulation Interface is a simulation modeling tool from Rockwell Automation. The Rockwell Automation Studio 5000 Simulation Interface suffers from a server-side request forgery vulnerability that stems from the server not implementing sufficient authentication...
Unspecified Vulnerability in Rockwell Automation DataMosaix Private Cloud
Rockwell Automation DataMosaix Private Cloud is an industrial DataOps solution from Rockwell Automation, Inc. It is used to simplify and control access to relevant, reliable and contextualized data. A security vulnerability exists in Rockwell Automation DataMosaix Private Cloud that can be...
Unspecified Vulnerability in Rockwell Automation Verve Asset Manager
Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...
Adobe InDesign Desktop Heap Buffer Overflow Vulnerability (CNVD-2025-28657)
Adobe InDesign Desktop is a page layout software from the American company Adobe. Adobe InDesign Desktop suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
WordPress Team Members Showcase plugin cross-site scripting vulnerability
WordPress Team Members Showcase plugin is a tool for displaying team members' information on your WordPress site, supporting multiple layouts (e.g., grids, sliders, tables, lists) and providing filtering, popups, paging, and more. A cross-site scripting vulnerability exists in the WordPress...
Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2025-28719)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Notifications component. An attacker can exploit this...
Microsoft Office Code Execution Vulnerability (CNVD-2026-00027)
Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Intel QAT Windows software code issue vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A code issue vulnerability exists in Intel QAT Windows software that originates from an improper conditi...
Intel CIP Input Validation Error Vulnerability (CNVD-2025-28678)
Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an input validation error vulnerability that stems from improper input validation, which can be exploited by an attacker to cause elevation of...
Tenda AX3 fromSetWifiGusetBasic function stack buffer overflow vulnerability
Tenda AX3 is a home dual-band Gigabit wireless router from Tenda Technology that supports the Wi-Fi 6 (802.11ax) standard and focuses on high-performance network coverage and stable connection. The Tenda AX3 suffers from a stack buffer overflow vulnerability that originates from the shareSpeed parameter...
WordPress Plugin Authors List Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Authors List, which stem...
Unauthorized Access Vulnerability in Ruiyou Tianyi Application Virtualization System of Xi'an Ruiyou Information Technology Information Co.
Ruiyou Tianyi Application Virtualization System is a domestic application virtualization platform with independent intellectual property rights, which is based on Server-based Computing. Xi'an Ruiyou Information Technology Co., Ltd. Ruiyou Tianyi Application Virtualization System has an...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-851224)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Microsoft Office Code Execution Vulnerability (CNVD-2026-00028)
Microsoft Office is an office software suite of products from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to...
Microsoft Excel Information Leakage Vulnerability (CNVD-2026-00026)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which is caused due to improper authorization validation. An attacker could exploit the vulnerability to obtain sensitive information...
Intel QAT Windows software buffer overflow vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has a buffer overflow vulnerability that originates from a buffer overflo...
Intel QAT Windows software untrusted pointer dereference vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An untrusted pointer dereference vulnerability exists in Intel QAT Windows software, which can be...
Intel QAT Windows software null pointer dereference vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A null pointer dereference vulnerability exists in Intel QAT Windows software, which can be exploited by...
Intel QAT Windows software out-of-bounds read vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. The Intel QAT Windows software has an out-of-bounds read vulnerability that originates from an...