Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Fortinet FortiADC Buffer Overflow Vulnerability (CNVD-2025-29156)

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. The Fortinet FortiADC suffers from a buffer overflow vulnerability that originates from a boundary error when an application processes untrusted input. An attacker could exploit this vulnerability to execute arbitrary cod...

6.6CVSS8.1AI score0.00358EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•3 views

WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability

WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...

7.2CVSS6.2AI score0.00221EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...

9.8CVSS8.2AI score0.00379EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Web-Based Internet Laboratory Management System /enrollment/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /enrollment/controller.php. An attacke...

9.8CVSS8.2AI score0.00406EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Web-Based Internet Laboratory Management System /settings/controller.php File SQL Injection Vulnerability

Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /settings/controller.php. An attacker...

9.8CVSS8.2AI score0.00379EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

Siemens Mendix Rich Text Component Cross-Site Scripting Vulnerability

The Mendix Rich Text component is a powerful rich text editor. Create richly formatted text with HTML output. A cross-site scripting vulnerability exists in the Siemens Mendix RichText component, version V4.0.0 through versions prior to V4.6.1, which can be exploited to implant cross-site scripti...

6.8CVSS6AI score0.00231EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Google Chrome Type Obfuscation Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause heap corruption...

8.8CVSS6.8AI score0.04915EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Google Chrome Type Obfuscation Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause heap corruption...

8.8CVSS6.8AI score0.00454EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

Courier Management System add-new-officer.php File SQL Injection Vulnerability

Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ManagerName in the file /add-new-officer.php. An attacker can exploit this...

9.8CVSS5.9AI score0.00373EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•8 views

School Fees Payment Management System /ajax.php?action=save_payment File SQL Injection Vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

8.8CVSS6AI score0.00304EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•4 views

WordPress everviz plugin cross-site scripting vulnerability

WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.4CVSS6.1AI score0.00181EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•6 views

WordPress Icon List Block plugin server-side request forgery vulnerability

WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...

6.4CVSS6.5AI score0.00181EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability

WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...

5.4CVSS6AI score0.00164EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/20 12:0 a.m.•5 views

WordPress Category and Product Woocommerce Tabs plugin file inclusion vulnerability

WordPress Category and Product Woocommerce Tabs plugin is a plugin for WordPress websites, the main function is to add custom tabs Tabs to WooCommerce product pages to organize and display product information, categories and other content. A file inclusion vulnerability exists in the WordPress...

8.8CVSS7.3AI score0.00324EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/19 12:0 a.m.•5 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-891462)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

mall-swarm authorization issue vulnerability (CNVD-2026-10878)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...

5.5CVSS5.5AI score0.00296EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Booster for WooCommerce Plugin Missing Authorization Vulnerability

WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...

4.3CVSS6.8AI score0.00182EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress ChatBot plugin missing authorization vulnerability

WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...

5.3CVSS6.8AI score0.00264EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

WordPress Booster for WooCommerce Plugin Cross-Site Scripting Vulnerability

WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...

6.5CVSS6.2AI score0.00155EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

TOTOLINK A950RG Command Injection Vulnerability

TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a command injection vulnerability that stems from a failure to properly filter construct...

6.5CVSS7.7AI score0.02538EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

DELL Alienware Command Center Temporary File Insecurity Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center has a temporary file insecurity vulnerability that can be exploited by...

6.6CVSS7AI score0.00111EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

WordPress WPKoi Templates for Elementor plugin missing license vulnerability

WordPress WPKoi Templates for Elementor plugin is a template plugin designed for Elementor page builder, offering 400+ preset templates and dynamic elements to help users quickly create visual websites. The WordPress WPKoi Templates for Elementor plugin suffers from a missing authorization...

4.3CVSS6.7AI score0.00178EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress WooCommerce PDF Invoice Builder plugin missing license vulnerability

WordPress WooCommerce PDF Invoice Builder plugin is designed for WooCommerce e-commerce platform invoice and packing slip generation tool, support customized templates, multi-language, conditional generation and other features, to help merchants create professional documents in line with the bran...

4.3CVSS6.8AI score0.00189EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Frontend File Manager Plugin Missing Authorization Vulnerability

WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A lack of authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...

4.3CVSS6.4AI score0.00184EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

WordPress WP Headless CMS Framework plugin bypasses protection mechanism vulnerability

The WordPress WP Headless CMS Framework plugin is a tool for converting WordPress to HeadlessCMS Headless Content Management System, separating content management from front-end presentation via RESTAPI or GraphQL interfaces. The WordPress WP Headless CMS Framework plugin suffers from a protectio...

5.3CVSS6.9AI score0.00329EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress SureForms plugin information disclosure vulnerability

WordPress SureForms plugin is a drag-and-drop form builder plugin designed for WordPress, supporting the creation of multi-step forms, dialog forms and other complex features, no programming can quickly build forms. WordPress SureForms plugin suffers from an information disclosure vulnerability...

5.3CVSS6AI score0.00809EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Data Tables Generator by Supsystic plugin Arbitrary File Deletion Vulnerability

WordPress Data Tables Generator by Supsystic plugin is WordPress plugin for creating interactive tables and charts that support data visualization and dynamic content presentation. WordPress Data Tables Generator by Supsystic plugin has an arbitrary file deletion vulnerability that stems from...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

WordPress Content Flipper plugin cross-site scripting vulnerability

WordPress Content Flipper plugin is an open source WordPress plugin , mainly used for content display and interactive features . A cross-site scripting vulnerability exists in the WordPress Content Flipper plugin, which stems from insufficient input cleanup and output escaping of the parameter...

6.4CVSS6AI score0.00211EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Plugin Comment Edit Core - Simple Comment Editing Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...

5.3CVSS5.8AI score0.00287EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

TOTOLINK A950RG Buffer Overflow Vulnerability

TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length...

6.5CVSS7.3AI score0.00839EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•8 views

D-Link DIR-823G Command Injection Vulnerability

The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a command injection vulnerability that stems from the failure of timelycheck and sysconf binari...

5.4CVSS5.9AI score0.01453EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...

6.5CVSS7.8AI score0.01461EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Google Chrome Fullscreen Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Fullscreen misimplementation vulnerability, no details of the vulnerability are provided at this time...

4.3CVSS6.8AI score0.00198EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Unspecified vulnerability in mall-swarm

mall-swarm is a microservice mall system. There is a security vulnerability in mall-swarm, which originates from the mishandling of the orderID parameter in the paySuccess function in the file /order/paySuccess, for which no detailed vulnerability details are available at this time...

6.5CVSS5.5AI score0.00232EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Desktop Alert PingAlert Elevation of Privilege Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an elevation of privilege vulnerability that stems from improper access...

9.6CVSS7.1AI score0.00256EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•7 views

Student Record Management System login.php File SQL Injection Vulnerability

Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...

6.5CVSS8.4AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Desktop Alert PingAlert Improper Access Control Vulnerability (CNVD-2025-29430)

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an Improper Access Control vulnerability that stems from improper access...

10CVSS6.9AI score0.003EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Simple Online Hotel Reservation System add_query_reserve.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /addqueryreserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...

9.8CVSS8AI score0.00434EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

WordPress WP Manager plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...

6.5CVSS6.8AI score0.00105EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•7 views

SQL Injection Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co. Ltd (CNVD-C-2025-879635)

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Desktop Alert Unspecified Vulnerability in PingAlert (CNVD-2025-29434)

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An unspecified vulnerability exists in Desktop Alert PingAlert, which arises from the presence of corrupt or insecu...

4.1CVSS6.8AI score0.00085EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

WordPress Booking Manager plugin cross-site scripting vulnerability

WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...

6.5CVSS6.3AI score0.00151EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

mall-swarm authorization issue vulnerability (CNVD-2026-10881)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from an improper authorization issue in the updateAttr function in the file /cart/update/attr. No detailed vulnerability details are available at this time...

6.5CVSS5.5AI score0.00234EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-879182)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Desktop Alert PingAlert Information Disclosure Vulnerability (CNVD-2025-29404)

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An information disclosure vulnerability exists in Desktop Alert PingAlert, which stems from a policy incompatibili...

3.3CVSS6.1AI score0.00085EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Advantech TP-3250 Denial of Service Vulnerability

Advantech TP-3250 is a printer from Advantech, China. The Advantech TP-3250 suffers from a denial of service vulnerability due to a heap corruption flaw in DrvUIx64Advantech.dll when DocumentPropertiesW is called with a valid dmDriverExtra but outputs a buffer. An attacker can exploit this...

6.8CVSS6AI score0.00202EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

WordPress Theater for WordPress plugin missing license vulnerability

WordPress Theater for WordPress plugin is a plugin designed for advanced users and developers to manage theater related features such as show scheduling, ticketing system and more. A lack of authorization vulnerability exists in the WordPress Theater for WordPress plugin, which can be exploited b...

6.5CVSS6.5AI score0.00198EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

D-Link DIR-816L Buffer Overflow Vulnerability

DIR-816L is a wireless router product from D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from failure to properly validate the input length when manipulating the en parameter of the scandirmain function in the /portal/ajaxexporer.sgi...

9CVSS8.2AI score0.0082EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

WordPress WP Content Pilot plugin missing license vulnerability

WordPress WP Content Pilot plugin is an automated content capture plugin designed for WordPress that supports grabbing content from multiple platforms e.g. Amazon, Pinterest, Instagram, etc. and posting it to the site automatically. A lack of authorization vulnerability exists in the WordPress WP...

5.4CVSS6.8AI score0.00191EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Simple Online Hotel Reservation System edit_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. The Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the /admin/editaccount.php file that does not securely filter the adminid parameter. An attacker can explo...

9.8CVSS8.3AI score0.00382EPSS
Exploits1References1
Total number of security vulnerabilities131179