131179 matches found
AMD CPU Entropy Mishandling Vulnerability
AMD CPUs are a family of CPUs from AMD. AMD CPUs suffer from an entropy mishandling vulnerability, no details of the vulnerability are provided at this time...
WordPress EchBay Admin Security plugin cross-site scripting vulnerability
WordPress EchBay Admin Security plugin is a once widely used security tool designed to provide an extra layer of protection for the WordPress admin backend. The WordPress EchBay Admin Security plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress BigBuy Dropshipping Connector for WooCommerce plugin IP address forgery vulnerability
WordPress BigBuy Dropshipping Connector for WooCommerce plugin is an open source plugin for the WordPress platform for WooCommerce e-commerce platform , support and BigBuy and other Dropshipping supplier docking , to achieve automatic synchronization of goods It supports interfacing with BigBuy a...
WordPress Checkbox plugin unauthorized data loss vulnerability
WordPress Checkbox plugin are functional plugins designed to add or enhance checkbox functionality to a website. WordPress Checkbox plugin suffers from an unauthorized data loss vulnerability that stems from a lack of permission checking, which can be exploited by an attacker to cause unauthorize...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
WordPress Gutenverse plugin missing license vulnerability
The WordPress Gutenverse plugin is a plugin built specifically for WordPress sites, designed to enhance the Gutenberg editor and provide a richer page design and editing experience. WordPress Gutenverse plugin suffers from a missing authorization vulnerability that can be exploited by attackers t...
WordPress Gutenverse Form plugin missing authorization vulnerability
WordPress Gutenverse Form plugin is a form builder plugin designed for WordPress' Gutenberg block editor, designed to help users create feature-rich forms without writing code. A lack of authorization vulnerability exists in WordPress Gutenverse Form plugin, which can be exploited by attackers to...
WordPress Bulma Shortcodes plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bulma Shortcodes plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unsafe direct object reference vulnerability
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...
WordPress Custom Post Type plugin Cross-Site Request Forgery Vulnerability
WordPress Custom Post Type plugin is a collective term for a class of plugins that are designed to help users easily create and manage custom post types through a graphical interface. A cross-site request forgery vulnerability exists in the WordPress Custom Post Type plugin, which arises from a w...
WordPress AudioTube plugin cross-site scripting vulnerability
WordPress AudioTube plugin is an open source audio player plugin for the WordPress platform, mainly used to embed and play audio content on the website. WordPress AudioTube plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
WordPress Plugin Accessibility Toolkit by WebYes Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Accessibility Toolkit by WebYes, which...
WordPress Cart Weight for WooCommerce plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Cart Weight for WooCommerce plugin, which can be exploited by an attacker to leverage a misconfigured access contro...
WordPress I Order Terms plugin cross-site request forgery vulnerability
WordPress I Order Terms plugin is a plugin that adds sorting or ordering functionality to WordPress taxonomies such as taxonomies, tags, and custom taxonomies. The WordPress I Order Terms plugin suffers from a cross-site request forgery vulnerability that stems from a web application that does no...
WordPress Chat Help plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Chat Help plugin, which can be exploited by an attacker to leverage an incorrectly configured access control securi...
WordPress Accordion Slider plugin cross-site scripting vulnerability
WordPress Accordion Slider plugin is a plugin for creating collapsible sliders AccordionSlider. The WordPress Accordion Slider plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
WordPress Plugin LearnPress Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin LearnPress, which stems...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30133)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
SQL Injection Vulnerability in RB Enterprise Management System of Shanghai Ruifang Technology Co.
RB Enterprise Management System is a zero-code, open source and free enterprise management system. RB Enterprise Management System of Shanghai Ruifang Technology Co., Ltd. suffers from SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the databa...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-923949)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unauthorized data modification vulnerability (CNVD-2025-30131)
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing System...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-921601)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress ELEX WordPress HelpDesk&Customer Ticketing System plugin missing privilege check vulnerability
WordPress ELEX WordPress HelpDesk& Customer Ticketing System plugin is a helpdesk and customer work order system plugin designed for WordPress websites, designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk& Customer Ticketing...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-925280)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress BrightTALK Shortcode plugin cross-site scripting vulnerability
The WordPress BrightTALK Shortcode plugin is a plugin for WordPress designed to integrate BrightTALK's webinar functionality through shortcodes. The WordPress BrightTALK Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filterin...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925115)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Bold Page Builder plugin cross-site scripting vulnerability
WordPress Bold Page Builder plugin is a WordPress page builder plugin that supports drag and drop editing and real-time front and back end previews for quickly creating responsive web page layouts. WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems fro...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924158)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Appointment Booking Calendar plugin missing authorization vulnerability
WordPress Appointment Booking Calendar plugin is a tool for creating and managing an appointment system on your WordPress website, supporting calendar view, form customization, email notifications and other features for clinics, gyms, beauty salons and other scenarios. The WordPress Appointment...
WordPress Plugin OneClick Chat to Order Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin OneClick Chat to Order,...
WordPress Booking Calendar Contact Form Plugin Missing Authorization Vulnerability
WordPress Booking Calendar Contact Form Plugin is a tool for creating contact forms with booking calendar functionality, supporting date selection, price configuration, PayPal payment integration, etc. for hotel and event booking scenarios. The WordPress Booking Calendar Contact Form Plugin suffe...
WordPress Plugin CP Contact Form with PayPal Has Unspecified Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin CP Contact Form with PayPal, which stem...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924847)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-926218)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925400)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
AMD StoreMI Default Privilege Misconfiguration Vulnerability
AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes the location of data storage to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a default privilege...
AMD StoreMI DLL Hijacking Vulnerability
AMD StoreMI is an intelligent storage management technology developed by AMD that automatically optimizes data storage locations to improve system performance by combining the benefits of solid state drives SSDs and mechanical hard drives HDDs. AMD StoreMI suffers from a DLL hijacking vulnerabili...
WordPress Display Pages Shortcode plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Display Pages Shortcode plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
WordPress Import WP plugin Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress Import WP plugin, which stems from a lack of .htaccess protection for the import and export functionality, which can ...
AMD CPUs have an unspecified vulnerability
AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...
WordPress Custom Order Numbers for WooCommerce plugin missing authorization vulnerability
The WordPress Custom Order Numbers for WooCommerce plugin is an open source plugin for WooCommerce an e-commerce plugin for WordPress designed to allow users to customize the rules for generating order numbers. WordPress Custom Order Numbers for WooCommerce plugin suffers from a missing...
WordPress Arconix Shortcodes plugin missing authorization vulnerability
WordPress Arconix Shortcodes plugin is a multifunctional WordPress plugin that offers a wide range of shortcodes functionality and supports the addition of accordions, labels, buttons and other elements to your website. WordPress Arconix Shortcodes plugin suffers from a missing authorization...
WordPress HT Mega plugin cross-site scripting vulnerability
WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...
WordPress Better Chat Support for Messenger plugin missing license vulnerability
WordPress Better Chat Support for Messenger plugin is a live chat feature for WordPress websites that supports FacebookMessenger integration, allowing users to communicate with visitors instantly through a chat window. The WordPress Better Chat Support for Messenger plugin suffers from a missing...
WordPress Plugin Seriously Simple Podcasting Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Seriously Simple...
WordPress Affiliate AI Lite plugin cross-site scripting vulnerability
WordPress Affiliate AI Lite plugin is an affiliate marketing plugin for WordPress designed to help users boost traffic and revenue through customer referral and promotion programs. The WordPress Affiliate AI Lite plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress AuthorSure plugin cross-site request forgery vulnerability
WordPress AuthorSure plugin is an open source plugin designed for the WordPress platform, mainly used to manage the submission process of multi-author sites. WordPress AuthorSure plugin has a cross-site request forgery vulnerability, the vulnerability stems from the lack of random number validati...
Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2025-29420)
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Tenda AC21 SetVirtualServerCfg File Buffer Overflow Vulnerability
Tenda AC21 is a dual-band Gigabit wireless router launched by Tenda Technology, designed for home high-speed Internet needs, supporting 802.11acwave2 technology, dual-band concurrent rate up to 2033Mbps, of which the 5GHz band rate up to 1733Mbps, to meet the high-bandwidth applications, such as ...
UTT Progressive 750W Command Injection Vulnerability
The UTT Progressive 750W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 750W suffers from a command injection vulnerability that stems from the failure of the parameter...