131179 matches found
WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability
WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...
Web-Based Internet Laboratory Management System /subject/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally-entered SQL statements in the file /subject/controller.php. An attacker c...
Web-Based Internet Laboratory Management System /enrollment/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /enrollment/controller.php. An attacke...
Web-Based Internet Laboratory Management System /settings/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /settings/controller.php. An attacker...
Siemens Mendix Rich Text Component Cross-Site Scripting Vulnerability
The Mendix Rich Text component is a powerful rich text editor. Create richly formatted text with HTML output. A cross-site scripting vulnerability exists in the Siemens Mendix RichText component, version V4.0.0 through versions prior to V4.6.1, which can be exploited to implant cross-site scripti...
Google Chrome Type Obfuscation Vulnerability
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause heap corruption...
Google Chrome Type Obfuscation Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause heap corruption...
Courier Management System add-new-officer.php File SQL Injection Vulnerability
Courier Management System is a courier management system. Courier Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ManagerName in the file /add-new-officer.php. An attacker can exploit this...
School Fees Payment Management System /ajax.php?action=save_payment File SQL Injection Vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
WordPress everviz plugin cross-site scripting vulnerability
WordPress everviz plugin is an interactive chart, map and table generator for the WordPress platform that allows you to quickly create visual content without programming skills. WordPress everviz plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Icon List Block plugin server-side request forgery vulnerability
WordPress Icon List Block plugin is a plugin designed for WordPress to insert custom icon lists in the block editor Gutenberg. The WordPress Icon List Block plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function failing to implement an adequate...
WordPress Element Pack Addons for Elementor plugin cross-site scripting vulnerability
WordPress Element Pack Addons for Elementor plugin is an extension plugin designed for Elementor page builder that provides rich feature modules and templates for creating professional web designs. The WordPress Element Pack Addons for Elementor plugin suffers from a cross-site scripting...
WordPress Category and Product Woocommerce Tabs plugin file inclusion vulnerability
WordPress Category and Product Woocommerce Tabs plugin is a plugin for WordPress websites, the main function is to add custom tabs Tabs to WooCommerce product pages to organize and display product information, categories and other content. A file inclusion vulnerability exists in the WordPress...
Fortinet FortiClientWindows Access Control Error Vulnerability
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. An Access Control Error vulnerabili...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-891462)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
mall-swarm authorization issue vulnerability (CNVD-2026-10878)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...
WordPress Booster for WooCommerce Plugin Missing Authorization Vulnerability
WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...
WordPress ChatBot plugin missing authorization vulnerability
WordPress ChatBot plugin is a tool that provides live chat and AI chatbot functionality for WordPress websites, helping users to instantly communicate with visitors, increase customer satisfaction and optimize sales conversions. WordPress ChatBot plugin suffers from a lack of authorization...
WordPress Booster for WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress Booster for WooCommerce Plugin is a multi-functional plugin designed specifically for the WooCommerce e-commerce platform, offering more than 100 features including PDF invoices, product variants, wish lists, and other tools designed to streamline e-commerce operations and enhance user...
TOTOLINK A950RG Command Injection Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a command injection vulnerability that stems from a failure to properly filter construct...
DELL Alienware Command Center Temporary File Insecurity Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. DELL Alienware Command Center has a temporary file insecurity vulnerability that can be exploited by...
WordPress WPKoi Templates for Elementor plugin missing license vulnerability
WordPress WPKoi Templates for Elementor plugin is a template plugin designed for Elementor page builder, offering 400+ preset templates and dynamic elements to help users quickly create visual websites. The WordPress WPKoi Templates for Elementor plugin suffers from a missing authorization...
WordPress WooCommerce PDF Invoice Builder plugin missing license vulnerability
WordPress WooCommerce PDF Invoice Builder plugin is designed for WooCommerce e-commerce platform invoice and packing slip generation tool, support customized templates, multi-language, conditional generation and other features, to help merchants create professional documents in line with the bran...
WordPress Frontend File Manager Plugin Missing Authorization Vulnerability
WordPress Frontend File Manager Plugin is a plugin that allows users to upload, manage and share files through a frontend interface that supports secure storage and permission control. A lack of authorization vulnerability exists in WordPress Frontend File Manager Plugin, which can be exploited b...
WordPress WP Headless CMS Framework plugin bypasses protection mechanism vulnerability
The WordPress WP Headless CMS Framework plugin is a tool for converting WordPress to HeadlessCMS Headless Content Management System, separating content management from front-end presentation via RESTAPI or GraphQL interfaces. The WordPress WP Headless CMS Framework plugin suffers from a protectio...
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a drag-and-drop form builder plugin designed for WordPress, supporting the creation of multi-step forms, dialog forms and other complex features, no programming can quickly build forms. WordPress SureForms plugin suffers from an information disclosure vulnerability...
WordPress Data Tables Generator by Supsystic plugin Arbitrary File Deletion Vulnerability
WordPress Data Tables Generator by Supsystic plugin is WordPress plugin for creating interactive tables and charts that support data visualization and dynamic content presentation. WordPress Data Tables Generator by Supsystic plugin has an arbitrary file deletion vulnerability that stems from...
WordPress Content Flipper plugin cross-site scripting vulnerability
WordPress Content Flipper plugin is an open source WordPress plugin , mainly used for content display and interactive features . A cross-site scripting vulnerability exists in the WordPress Content Flipper plugin, which stems from insufficient input cleanup and output escaping of the parameter...
WordPress Plugin Comment Edit Core - Simple Comment Editing Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...
TOTOLINK A950RG Buffer Overflow Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length...
D-Link DIR-823G Command Injection Vulnerability
The D-Link DIR-823G is a home dual-band Gigabit wireless router with second-generation 802.11ac Wi-Fi5 technology designed for medium- to high-speed broadband networks. The D-Link DIR-823G suffers from a command injection vulnerability that stems from the failure of timelycheck and sysconf binari...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29710)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from the unvalidated magicid and url parameters in the...
Google Chrome Fullscreen Improperly Implemented Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Fullscreen misimplementation vulnerability, no details of the vulnerability are provided at this time...
Unspecified vulnerability in mall-swarm
mall-swarm is a microservice mall system. There is a security vulnerability in mall-swarm, which originates from the mishandling of the orderID parameter in the paySuccess function in the file /order/paySuccess, for which no detailed vulnerability details are available at this time...
Desktop Alert PingAlert Elevation of Privilege Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an elevation of privilege vulnerability that stems from improper access...
Student Record Management System login.php File SQL Injection Vulnerability
Student Record Management System is a software application. Student Record Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the id and password parameters of login.php. An attacker can exploit this...
Desktop Alert PingAlert Improper Access Control Vulnerability (CNVD-2025-29430)
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an Improper Access Control vulnerability that stems from improper access...
Simple Online Hotel Reservation System add_query_reserve.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /addqueryreserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...
WordPress WP Manager plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...
SQL Injection Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co. Ltd (CNVD-C-2025-879635)
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
Desktop Alert Unspecified Vulnerability in PingAlert (CNVD-2025-29434)
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An unspecified vulnerability exists in Desktop Alert PingAlert, which arises from the presence of corrupt or insecu...
WordPress Booking Manager plugin cross-site scripting vulnerability
WordPress Booking Manager plugin is a tool for managing appointments and schedules, supporting features such as synchronization with external ICS calendars, importing events and exporting booking data. A cross-site scripting vulnerability exists in the WordPress Booking Manager plugin, which stem...
mall-swarm authorization issue vulnerability (CNVD-2026-10881)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from an improper authorization issue in the updateAttr function in the file /cart/update/attr. No detailed vulnerability details are available at this time...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-879182)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Desktop Alert PingAlert Information Disclosure Vulnerability (CNVD-2025-29404)
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An information disclosure vulnerability exists in Desktop Alert PingAlert, which stems from a policy incompatibili...
Advantech TP-3250 Denial of Service Vulnerability
Advantech TP-3250 is a printer from Advantech, China. The Advantech TP-3250 suffers from a denial of service vulnerability due to a heap corruption flaw in DrvUIx64Advantech.dll when DocumentPropertiesW is called with a valid dmDriverExtra but outputs a buffer. An attacker can exploit this...
WordPress Theater for WordPress plugin missing license vulnerability
WordPress Theater for WordPress plugin is a plugin designed for advanced users and developers to manage theater related features such as show scheduling, ticketing system and more. A lack of authorization vulnerability exists in the WordPress Theater for WordPress plugin, which can be exploited b...
D-Link DIR-816L Buffer Overflow Vulnerability
DIR-816L is a wireless router product from D-Link. A stack buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from failure to properly validate the input length when manipulating the en parameter of the scandirmain function in the /portal/ajaxexporer.sgi...
WordPress WP Content Pilot plugin missing license vulnerability
WordPress WP Content Pilot plugin is an automated content capture plugin designed for WordPress that supports grabbing content from multiple platforms e.g. Amazon, Pinterest, Instagram, etc. and posting it to the site automatically. A lack of authorization vulnerability exists in the WordPress WP...
Simple Online Hotel Reservation System edit_account.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. The Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the /admin/editaccount.php file that does not securely filter the adminid parameter. An attacker can explo...