131179 matches found
WordPress Download Panel plugin unauthorized settings modification vulnerability
WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...
WordPress Broken Link Checker by AIOSEO plugin missing authorization vulnerability
WordPress Broken Link Checker by AIOSEO plugin is a tool for detecting and repairing internal and external links on your website, supporting SEO optimization and website maintenance. WordPress Broken Link Checker by AIOSEO plugin suffers from a missing authorization vulnerability, which can be...
Apache OpenOffice Security Bypass Vulnerability (CNVD-2025-29166)
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A security bypass vulnerability exists in Apache OpenOffice, which can be exploited by attackers to...
Apache OpenOffice Information Disclosure Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...
Online Shopping Portal login.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of externally-entered SQL statements for the fullname, emailid, and contactno parameters in login.php. An attacker can exploit this vulnerability to execute...
WordPress AI Engine plugin server-side request forgery vulnerability
WordPress AI Engine plugin is a WordPress plugin that is mainly used to integrate OpenAI's ChatGPT, MicrosoftAzure and other AI services into a WordPress website, providing chatbots, content generation, image generation and other features. The WordPress AI Engine plugin suffers from a server-side...
WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability
WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...
Zyxel DX3301-T0 Resource Management Error Vulnerability
The Zyxel DX3301-T0 is a small wireless WiFi router produced by the Chinese company Zyxel. Versions of the Zyxel DX3301-T0 prior to 5.50ABVY.6.3C0 contained a resource management vulnerability. This vulnerability stemmed from uncontrolled consumption of resources by the web server; attackers coul...
WordPress Icon List Block plugin server-side request forgery vulnerability
WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...
Dell SmartFabric OS10 Software Command Injection Vulnerability
Dell SmartFabric OS10 Software is a Debian Linux-based operating system from Dell, USA. Dell SmartFabric OS10 Software suffers from a command injection vulnerability that can be exploited by an attacker to cause code execution...
WordPress Plugin Pixel Manager for WooCommerce Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Pixel Manager for WooCommerce has an information disclosure vulnerability, the...
WordPress CSV to SortTable plugin cross-site scripting vulnerability
WordPress CSV to SortTable plugin is WordPress plugin for converting CSV files to interactive sorting tables. The WordPress CSV to SortTable plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data,...
Web-Based Internet Laboratory Management System controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. The Web-Based Internet Laboratory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file /course/controller.php. An attacker...
Courier Management System search-edit.php File SQL Injection Vulnerability
Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Consignment in the file /search-edit.php. An attacker can exploit this...
Online Voting System /ajax.ph File SQL Injection Vulnerability
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /ajax.php. An attacker can exploit this vulnerability to execute illega...
School Fees Payment Management System /ajax.php?action=login File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement for the parameter Username in the file...
School Fees Payment Management System /manage_course.php File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /managecourse.php. An...
Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...
School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
School Fees Payment Management System /ajax.php File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
School Fees Payment Management System /ajax.php?action=save_payment File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
School Fees Payment Management System /ajax.php?action=save_course File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from a lack of validation of an externally entered SQL statement in the parameter ID of the file...
Complaint Management System between-date-userreport.php file cross-site scripting vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the fromdate and todate parameters in between-date-userreport.php, whic...
Complaint Management System between-date-userreport.php file SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the fromdate and todate parameters in between-date-userreport.php. An attacker can...
Complaint Management System subcategory.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of the subcategory and category parameters in subcategory.php against externally entered SQL statements. The vulnerability ca...
Small CRM manage-tickets.php file SQL Injection Vulnerability
Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the frmid and aremark parameters of manage-tickets.php. An attacker can exploit this vulnerability to execu...
Complaint Management System user-search.php File Cross-Site Scripting Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search parameter of user-search.php, which can be exploited to...
Small CRM change-password.php File SQL Injection Vulnerability
Small CRM a customer relationship management system. Small CRM suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the oldpass parameter of change-password.php. This vulnerability can be exploited by an attacker to execute...
Nero Social Networking Site friendsphoto.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendsphoto.php. An attacker can exploit this vulnerability t...
Online Voting System /login.php File SQL Injection Vulnerability
Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /login.php. An attacker can exploit this vulnerability to execute...
Complaint Management System reset-password.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...
Online Shopping Portal product-details.php file SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...
Online Shopping Portal my-cart.php file cross-site scripting vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the quantity parameter of my-cart.php, which can be exploited to execute arbitrary Web...
Online Shopping Portal search-result.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the product parameter of search-result.php. An attacker can exploit this vulnerability to execute...
Online Shopping Portal admin page SQL Injection Vulnerability
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of an externally entered SQL statement in the username parameter of the admin page. An attacker can exploit this vulnerability to execute illegal SQL comman...
Online Shopping Portal forgot-password.php File SQL Injection Vulnerability
Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...
Small CRM manage-tickets.php file cross-site scripting vulnerability
Small CRM a customer relationship management system. Small CRM suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the aremark parameter of manage-tickets.php, which can be exploited to execute arbitrary Web scrip...
Small CRM quote-details.php file SQL Injection Vulnerability
Small CRM a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...
WordPress everviz plugin cross-site scripting vulnerability
WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin unauthorized data modification vulnerability
WordPress Cryptocurrency Payment Gateway for WooCommerce plugin is a virtual currency payment collection plugin designed for WooCommerce e-commerce platform. WordPress Cryptocurrency Payment Gateway for WooCommerce plugin suffers from an unauthorized data modification vulnerability that stems fro...
WordPress Gutenify plugin cross-site scripting vulnerability
WordPress Gutenify plugin is a free visual site builder for WordPress that provides Full Site Edit FSE functionality to help users quickly build websites with preset blocks and templates. WordPress Gutenify plugin suffers from a cross-site scripting vulnerability that stems from the application's...
Fortinet FortiWeb Trust Management Issue Vulnerability
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Fortinet FortiADC Buffer Overflow Vulnerability (CNVD-2025-29156)
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when an application processes untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...
WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability
The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...
Zyxel DX3300-T0 operating system command injection vulnerability
The Zyxel DX3300-T0 is a small wireless WiFi router produced by the Chinese company Zyxel. The Zyxel DX3300-T0 has a vulnerability related to operating system command injection. This vulnerability stems from the privilege parameter allowing for command injection after authentication. Attackers ca...
Responsive Hotel Site usersetting.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...
Nero Social Networking Site profilefriends.php file SQL injection vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /profilefriends.php. An attacker can exploit this vulnerability...
Responsive Hotel Site usersettingdel.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...
WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability
WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...
Binary Vulnerability in DH2100+ of Shenzhen Greenlink Technology Co.
The DH2100+ is a private cloud network storage appliance NAS for home and personal users. A binary vulnerability exists in the Shenzhen Greenlink DH2100+, which can be exploited by attackers to cause a denial of service...