130931 matches found

CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability

WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...

CVSS 8.8 | AI score 8.2 | EPSS 0.00458
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29174)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00252
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

IBM Db2 Information Disclosure Vulnerability (CNVD-2025-29173)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM Db2 that stems from the clpplus command exposing...

CVSS 4.6 | AI score 6.2 | EPSS 0.0015
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Google Chrome Insufficient Policy Enforcement Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from an insufficient policy enforcement vulnerability, which stems from insufficient policy enforcement in Devtools and can be exploited by an attacker to cause a cross-origin data leak...

CVSS 5.3 | AI score 6.8 | EPSS 0.00178
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress Ovatheme Events Manager plugin unauthorized access vulnerability

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

CVSS 6.5 | AI score 6.8 | EPSS 0.00178
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•2 views

QNAP File Station 5 Unlimited or Unthrottled Resource Allocation Vulnerability (CNVD-2025-30284)

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability, which can be exploited by an attacker to prevent other systems,...

CVSS 5.1 | AI score 6.9 | EPSS 0.00424
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Google Chrome Permissions Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a permission misimplementation vulnerability; no details of the vulnerability are provided at this time...

CVSS 5.4 | AI score 6.5 | EPSS 0.00145
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Google Chrome Improper Privilege Implementation Vulnerability (CNVD-2025-29560)

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a permission misimplementation vulnerability; no details of the vulnerability are provided at this time...

CVSS 4.3 | AI score 6.5 | EPSS 0.00142
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

QNAP File Station 5 Cross-Site Scripting Vulnerability

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...

CVSS 6.2 | AI score 6.2 | EPSS 0.00174
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Unspecified Vulnerability in IBM Db2 (CNVD-2025-29179)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 that can be exploited by an attacker to regain access after ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00139
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•5 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29178)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 7.5 | AI score 6.5 | EPSS 0.0024
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29177)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00093
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

FoxCMS Cross-Site Scripting Vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A cross-site scripting vulnerability exists in FoxCMS 1.2.16 and previous versions. The vulnerability stems from the file app/admin/controller/Product.php parameter Title on the user-provided data...

CVSS 4.8 | AI score 6.5 | EPSS 0.0028
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•2 views

WordPress Asgaros Forum plugin SQL Injection Vulnerability

WordPress Asgaros Forum plugin is a lightweight forum plugin designed specifically for WordPress to support the rapid creation and management of forum pages, providing basic posting, replying, user management and other functions. WordPress Asgaros Forum plugin suffers from a SQL injection...

CVSS 7.5 | AI score 8.2 | EPSS 0.00336
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress IDonate plugin unsafe direct object reference vulnerability

WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...

CVSS 6.5 | AI score 6.9 | EPSS 0.00222
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•2 views

WordPress Mang Board plugin cross-site scripting vulnerability

WordPress Mang Board plugin is a WordPress plugin that is mainly used to create and manage forum boards or discussion boards. WordPress Mang Board plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 6.1 | AI score 6.1 | EPSS 0.00175
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress Simple Downloads List plugin unauthorized data modification vulnerability

WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...

CVSS 6.4 | AI score 6.8 | EPSS 0.00188
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress WPFunnels plugin unauthorized user registration vulnerability

WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user control value optinallowregistration to determine user registration permissions, which...

CVSS 5.3 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•2 views

WordPress WPFunnels plugin path traversal vulnerability

WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. The WordPress WPFunnels plugin suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker can exploit this...

CVSS 6.5 | AI score 8.1 | EPSS 0.0064
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Responsive Hotel Site newsletterdel.php file SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/newsletterdel.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.2 | EPSS 0.00333
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•6 views

Responsive Hotel Site reservation.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/reservation.php. An attacker can exploit this vulnerabilit...

CVSS 9.8 | AI score 8.2 | EPSS 0.00333
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress WP Airbnb Review Slider plugin cross-site scripting vulnerability

WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...

CVSS 4 | AI score 6.1 | EPSS 0.00186
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Responsive Hotel Site roomdel.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from the /admin/roomdel.php file mishandling the ID parameter and failing to properly validate and filter user input. An attacker can exploit this vulnerability to obta...

CVSS 9.8 | AI score 7.8 | EPSS 0.00333
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•8 views

Calibre Input Validation Error Vulnerability (CNVD-2025-27923)

Calibre is an open source free all-in-one eBook reading management and format conversion tool. An input validation error vulnerability exists in Calibre 8.13.0 and earlier versions, which stems from handling binary resources in FB2 files without validating the filename, and can be exploited by an...

CVSS 9.3 | AI score 7.6 | EPSS 0.00156
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29176)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.5 | EPSS 0.0025
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•6 views

WordPress LC Wizard plugin elevation of privilege vulnerability

WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...

CVSS 8.1 | AI score 7.1 | EPSS 0.00274
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Google Chrome Passkeys Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Passkeys mal-implementation vulnerability, which can be exploited by an attacker to obtain sensitive information via debug logs...

CVSS 6.2 | AI score 6.5 | EPSS 0.00095
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Responsive Hotel Site roombook.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /admin/roombook.php. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00333
Exploits: 1 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•8 views

WordPress Contact Form 7 AWeber Extension plugin unauthorized data modification vulnerability

WordPress Contact Form 7 AWeber Extension plugin is an extension plugin designed for WordPress Contact Form 7 plugin for automatic synchronization of form data to AWeber email marketing platform. The WordPress Contact Form 7 AWeber Extension plugin suffers from an unauthorized data modification...

CVSS 4.3 | AI score 6.7 | EPSS 0.00173
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from an input validation error vulnerability that stems from insufficient validation of untrustworthy input in Devtools, which can be exploited by an attacker to execute arbitrary code...

CVSS 8.8 | AI score 7.4 | EPSS 0.00251
Exploits: 3 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•4 views

QNAP File Station 5 Unlimited or Unthrottled Resource Allocation Vulnerability

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability that can be exploited by an attacker to cause resource access to b...

CVSS 7.1 | AI score 6.9 | EPSS 0.00404
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•6 views

WordPress Course Booking System plugin Unauthorized Access to Data Vulnerability

The WordPress Course Booking System plugin is a tool designed for course booking that allows users to book courses online, manage scheduling and handle the payment process. An unauthorized access to data vulnerability exists in the WordPress Course Booking System plugin, which can be exploited by...

CVSS 5.3 | AI score 7 | EPSS 0.00208
Exploits: 0 | References: 1
CNVD
•added 2025/11/12 12:0 a.m.•5 views

WordPress Gravity Forms plugin arbitrary file upload vulnerability

WordPress Gravity Forms plugin is a professional forms plugin for the WordPress platform, mainly used to create and manage various interactive forms, supporting data collection, payment processing, workflow automation and other features. WordPress Gravity Forms plugin has an arbitrary file upload...

CVSS 9.8 | AI score 8.3 | EPSS 0.00659
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Plugin The Events Calendar Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin The Events Calendar has an information disclosure vulnerability, the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•3 views

WordPress Ace User Management plugin does not properly validate password reset token vulnerability

WordPress Ace User Management plugin is a WordPress user management plugin developed by Acewebx, mainly used to enhance and customize WordPress user roles, permissions and management features. WordPress Ace User Management plugin suffers from an improperly validated password reset token...

CVSS 6.3 | AI score 7.2 | EPSS 0.00158
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress Easy Email Subscription plugin SQL Injection Vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...

CVSS 4.9 | AI score 8 | EPSS 0.00242
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Plugin CoSchool LMS SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...

CVSS 8.5 | AI score 8 | EPSS 0.0027
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31064)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass of the ztpconfigid parameter of the NetworkServlet...

CVSS 9.8 | AI score 8.3 | EPSS 0.00449
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN AjaxNetworkController.ajaxAction Function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 8.6 | AI score 8.4 | EPSS 0.00254
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 8.6 | AI score 8.3 | EPSS 0.00254
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN NetworksController.addNetworkAction function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS 6.5 | AI score 8.4 | EPSS 0.00258
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31061)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...

CVSS 8.8 | AI score 8.1 | EPSS 0.00414
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31063)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...

CVSS 9.8 | AI score 8.9 | EPSS 0.00622
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

CVSS 6.2 | AI score 6.4 | EPSS 0.00174
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN StandaloneVpnClientsController.addStandaloneVpnClientAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

CVSS 6.3 | AI score 6.2 | EPSS 0.00172
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN Command Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a command injection...

CVSS 8.6 | AI score 7.9 | EPSS 0.01581
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN Absolute Path Traversal Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...

CVSS 6.9 | AI score 7 | EPSS 0.00334
Exploits: 0 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•2 views

CMSimple_XH cross-site scripting vulnerability (CNVD-2026-02642)

CMSimple_XH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimple_XH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...

CVSS 7.1 | AI score 6.2 | EPSS 0.00286
Exploits: 1 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•3 views

WordPress Plugin Atarim Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which can be...

CVSS 7.5 | AI score 6 | EPSS 0.01199
Exploits: 1 | References: 1
CNVD
•added 2025/11/11 12:0 a.m.•1 views

WordPress Plugin MeetingHub Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MeetingHub, which can be...

CVSS 6.5 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 1

Total number of security vulnerabilities: 130931