Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

WordPress Download Panel plugin unauthorized settings modification vulnerability

WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...

4.3CVSS6.9AI score0.00201EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•12 views

WordPress Broken Link Checker by AIOSEO plugin missing authorization vulnerability

WordPress Broken Link Checker by AIOSEO plugin is a tool for detecting and repairing internal and external links on your website, supporting SEO optimization and website maintenance. WordPress Broken Link Checker by AIOSEO plugin suffers from a missing authorization vulnerability, which can be...

5.4CVSS6.7AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•11 views

Apache OpenOffice Security Bypass Vulnerability (CNVD-2025-29166)

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by attackers to...

6.5CVSS6.9AI score0.00535EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Apache OpenOffice Information Disclosure Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...

5.3CVSS6.3AI score0.00448EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Online Shopping Portal login.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of externally-entered SQL statements for the fullname, emailid, and contactno parameters in login.php. An attacker can exploit this vulnerability to execute...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

WordPress AI Engine plugin server-side request forgery vulnerability

WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...

6.8CVSS6.7AI score0.00376EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability

WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...

5.4CVSS6AI score0.00147EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Zyxel DX3301-T0 Resource Management Error Vulnerability

The Zyxel DX3301-T0 is a small wireless WiFi router produced by the Chinese company Zyxel. Versions of the Zyxel DX3301-T0 prior to 5.50ABVY.6.3C0 contained a resource management vulnerability. This vulnerability stemmed from uncontrolled consumption of resources by the web server; attackers coul...

7.5CVSS6AI score0.00279EPSS
Exploits0
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

WordPress Icon List Block plugin server-side request forgery vulnerability

WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

6.4CVSS6.5AI score0.00165EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Dell SmartFabric OS10 Software Command Injection Vulnerability

Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that can be exploited by an attacker to cause code execution...

8.8CVSS8.2AI score0.01187EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

WordPress Plugin Pixel Manager for WooCommerce Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Pixel Manager for WooCommerce has an information disclosure vulnerability, the...

5.3CVSS5.5AI score0.00262EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

WordPress CSV to SortTable plugin cross-site scripting vulnerability

WordPress CSV to SortTable plugin is WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...

6.4CVSS6.1AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

Web-Based Internet Laboratory Management System controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. The Web-Based Internet Laboratory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file /course/controller.php. An attacker...

9.8CVSS8.3AI score0.00379EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Courier Management System search-edit.php File SQL Injection Vulnerability

Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Consignment in the file /search-edit.php. An attacker can exploit this...

9.8CVSS7.1AI score0.00359EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Online Voting System /ajax.ph File SQL Injection Vulnerability

Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /ajax.php. An attacker can exploit this vulnerability to execute illega...

8.8CVSS8.2AI score0.00301EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

School Fees Payment Management System /ajax.php?action=login File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement for the parameter Username in the file...

9.8CVSS6AI score0.00382EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

School Fees Payment Management System /manage_course.php File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /managecourse.php. An...

9.8CVSS6AI score0.00382EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...

9.8CVSS8.2AI score0.00379EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

8.8CVSS6AI score0.00304EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

School Fees Payment Management System /ajax.php File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

8.8CVSS6AI score0.00304EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

School Fees Payment Management System /ajax.php?action=save_payment File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

8.8CVSS6AI score0.00304EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

School Fees Payment Management System /ajax.php?action=save_course File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the parameter ID of the file...

8.8CVSS6AI score0.00304EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Complaint Management System between-date-userreport.php file cross-site scripting vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the fromdate and todate parameters in between-date-userreport.php, whic...

4.6CVSS6.3AI score0.00197EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Complaint Management System between-date-userreport.php file SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the fromdate and todate parameters in between-date-userreport.php. An attacker can...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Complaint Management System subcategory.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the subcategory and category parameters in subcategory.php against externally entered SQL statements. The vulnerability ca...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Small CRM manage-tickets.php file SQL Injection Vulnerability

Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the frmid and aremark parameters of manage-tickets.php. An attacker can exploit this vulnerability to execu...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Complaint Management System user-search.php File Cross-Site Scripting Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...

6.1CVSS6.3AI score0.0022EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

Small CRM change-password.php File SQL Injection Vulnerability

Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•2 views

Nero Social Networking Site friendsphoto.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendsphoto.php. An attacker can exploit this vulnerability t...

9.8CVSS7.8AI score0.00431EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Online Voting System /login.php File SQL Injection Vulnerability

Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /login.php. An attacker can exploit this vulnerability to execute...

9.8CVSS8.3AI score0.00406EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Complaint Management System reset-password.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Online Shopping Portal my-cart.php file cross-site scripting vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the quantity parameter of my-cart.php, which can be exploited to execute arbitrary Web...

5.4CVSS6.3AI score0.0022EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•2 views

Online Shopping Portal search-result.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the product parameter of search-result.php. An attacker can exploit this vulnerability to execute...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Online Shopping Portal admin page SQL Injection Vulnerability

Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Online Shopping Portal forgot-password.php File SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00399EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Small CRM manage-tickets.php file cross-site scripting vulnerability

Small CRM a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the aremark parameter of manage-tickets.php, which can be exploited to execute arbitrary Web scrip...

6.1CVSS6.3AI score0.0022EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Small CRM quote-details.php file SQL Injection Vulnerability

Small CRM a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

WordPress everviz plugin cross-site scripting vulnerability

WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.4CVSS6.1AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability

WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...

5.3CVSS7.1AI score0.00241EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•2 views

WordPress Gutenify plugin cross-site scripting vulnerability

WordPress Gutenify plugin is a free visual site builder for WordPress that provides Full Site Edit FSE functionality to help users quickly build websites with preset blocks and templates. WordPress Gutenify plugin suffers from a cross-site scripting vulnerability that stems from the application's...

6.4CVSS6AI score0.00166EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•2 views

Fortinet FortiWeb Trust Management Issue Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

5.5CVSS7.1AI score0.00107EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

Fortinet FortiADC Buffer Overflow Vulnerability (CNVD-2025-29156)

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when an application processes untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...

6.6CVSS8.1AI score0.00328EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability

The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...

4.3CVSS6.7AI score0.00136EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•2 views

Zyxel DX3300-T0 operating system command injection vulnerability

The Zyxel DX3300-T0 is a small wireless WiFi router produced by the Chinese company Zyxel. The Zyxel DX3300-T0 has a vulnerability related to operating system command injection. This vulnerability stems from the privilege parameter allowing for command injection after authentication. Attackers ca...

8.8CVSS7.3AI score0.00995EPSS
Exploits0
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Responsive Hotel Site usersetting.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

Nero Social Networking Site profilefriends.php file SQL injection vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /profilefriends.php. An attacker can exploit this vulnerability...

8.8CVSS7AI score0.00344EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

Responsive Hotel Site usersettingdel.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability

WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...

7.2CVSS6.2AI score0.00202EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•7 views

Binary Vulnerability in DH2100+ of Shenzhen Greenlink Technology Co.

The DH2100+ is a private cloud network storage appliance NAS for home and personal users. A binary vulnerability exists in the Shenzhen Greenlink DH2100+, which can be exploited by attackers to cause a denial of service...

5.9AI score
Exploits0
Total number of security vulnerabilities131179