Lucene search
+L

131179 matches found

cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Simple Online Hotel Reservation System edit_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. The Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the /admin/editaccount.php file that does not securely filter the adminid parameter. An attacker can explo...

9.8CVSS8.3AI score0.00382EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•10 views

D-Link DIR-823G Denial of Service Vulnerability

The D-Link DIR-823G is a wireless router from China's AUO D-Link. A security vulnerability exists in D-Link DIR-823G A1 v1.0.2B05, which originates from a null pointer dereference in the SetWLanRadioSettings function. An attacker can exploit this vulnerability to cause a DoS...

7.5CVSS6.9AI score0.04624EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Linksys E1200 Stack Buffer Overflow Vulnerability

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...

8.8CVSS7.9AI score0.03906EPSS
Exploits3References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...

6.5CVSS7.4AI score0.06641EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00025)

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...

8.8CVSS7.9AI score0.00714EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•1 views

TOTOLINK A720R Stack Buffer Overflow Vulnerability

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...

5.1CVSS7.3AI score0.00216EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00024)

The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...

7.5CVSS7.9AI score0.01149EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

D-Link DIR-823G Command Injection Vulnerability (CNVD-2025-30949)

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

5.4CVSS8.3AI score0.01495EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Directory Traversal Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co.

UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...

5.9AI score
Exploits0
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

mall-swarm authorization issue vulnerability (CNVD-2026-10877)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...

5.5CVSS5.5AI score0.00296EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability

WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...

5.3CVSS6.7AI score0.00233EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Student Record System add-course.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the course-short, course-full, and cdate parameters in add-course.php. An attacker can exploit this...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•12 views

WordPress Survey Maker plugin missing license vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...

6.5CVSS6.6AI score0.00233EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•11 views

WordPress quicq plugin missing capability check vulnerability

WordPress quicq plugin is an image optimization tool designed for WordPress that automatically compresses and resizes images to improve website performance. A missing capability check vulnerability exists in WordPress quicq plugin, which can be exploited by attackers to cause unauthorized data...

4.3CVSS6.4AI score0.00194EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Student Record System add-subject.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability

WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...

5.9CVSS6.1AI score0.00162EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

WordPress WooCommerce Ultimate Points And Rewards plugin Information Disclosure Vulnerability

WordPress WooCommerce Ultimate Points And Rewards plugin is a points and rewards management tool designed for WooCommerce, which awards points through customer behavior e.g., purchases, registrations, comments, etc. and supports redemption of discounts, coupons or free products, aiming to increas...

4.3CVSS6.3AI score0.00206EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•8 views

Student Record System admin-profile.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...

6.5CVSS8.3AI score0.00192EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Student Record System password-recovery.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for the id and emailid parameters in password-recovery.php. An attacker can exploit this vulnerability to...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Student Record System change-password.php File SQL Injection Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of the currentpassword parameter in change-password.php against an externally entered SQL statement. An attacker can exploit this vulnerability to...

6.5CVSS8.3AI score0.00235EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Desktop Alert PingAlert Improper Access Control Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an improper access control vulnerability that can be exploited by an attacker ...

4.3CVSS6.8AI score0.00195EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Desktop Alert PingAlert Server-Side Request Forgery Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...

3.8CVSS7.2AI score0.00184EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

DELL Alienware Command Center Elevation of Privilege Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An elevation of privilege vulnerability exists in DELL Alienware Command Center, which stems from an...

7.8CVSS7.3AI score0.00121EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Desktop Alert PingAlert Path Traversal Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. A path traversal vulnerability exists in Desktop Alert PingAlert, which can be exploited to load arbitrary external...

3.7CVSS7AI score0.00269EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

WordPress Contact Form Email plugin missing authorization vulnerability

WordPress Contact Form Email plugin is a powerful contact form tool that is mainly used to create contact forms and email the submitted data to a specified address, while supporting data storage, report generation and export features. A lack of authorization vulnerability exists in the WordPress...

6.5CVSS6.6AI score0.00226EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

D-Link DIR-816L Buffer Overflow Vulnerability

DIR-816L is a wireless router product from D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which originates from the soapcgimain function in the /soap.cgi file that does not perform a valid bounds check on input data. An attacker could use this...

9.8CVSS8.1AI score0.00897EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•9 views

Google Chrome on iO SInternals Post-Release Reuse Vulnerability

Google Chrome on iOS is a mobile browser designed by Google for Apple cell phone users, supporting cross-device synchronization, multi-tab browsing, voice search and other features to provide a smooth web browsing experience. Google Chrome on iOS suffers from an Internals reuse-after-release...

7.5CVSS6.5AI score0.00217EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Simple Cafe Ordering System add_to_cart File Cross Site Scripting Vulnerability

Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a cross-site scripting vulnerability that arises from insufficient security filtering of the productname parameter in the /addtocart file. An attacker could use this vulnerability to execu...

5.4CVSS4.5AI score0.0025EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Simple Cafe Ordering System addmem.php File SQL Injection Vulnerability

Simple Cafe Ordering System is a simple coffee ordering system. Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the lack of secure filtering of the studentnum parameter in the /addmem.php file. No details of the vulnerability are available at this time...

9.8CVSS7.8AI score0.00379EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Simple Cafe Ordering System login.php File SQL Injection Vulnerability

Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the /login.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability to remotely obtain sensitiv...

9.8CVSS7.6AI score0.0045EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Desktop Alert PingAlert Cross-Site Scripting Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.5CVSS6.2AI score0.00165EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•12 views

TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...

6.5CVSS7.7AI score0.01017EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

WordPress Survey Maker plugin missing capability check vulnerability

WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...

5.3CVSS6.5AI score0.00219EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Desktop Alert PingAlert Information Disclosure Vulnerability

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an information disclosure vulnerability that originates from the exposure of...

7.5CVSS6.2AI score0.00296EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

mall-swarm authorization issue vulnerability (CNVD-2026-10879)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the detail function in file /order/detail, no details of the vulnerability are provided at this time...

5.3CVSS5.6AI score0.00319EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Desktop Alert Unspecified Vulnerability in PingAlert

Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an unspecified vulnerability that originates from the disclosure of technical...

4.3CVSS6.5AI score0.00217EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

DELL Alienware Command Center Process Control Vulnerability

DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. A process control vulnerability exists in DELL Alienware Command Center that stems from improper proce...

5.5CVSS6.8AI score0.00105EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•5 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29241)

Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in the Lens feature in Google Chrome prior to version 136.0.7103.59, which stems from an imperfect validation mechanism for QR codes. The vulnerability can be exploited by an attacker to conduct an interface...

6.3CVSS6.5AI score0.00137EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Google Chrome Code Problem Vulnerability (CNVD-2025-29238)

Google Chrome is a web browser developed by Google. A security vulnerability exists in the compositing feature in Google Chrome prior to version 140.0.7339.80, which stems from a flaw in the compositing module's handling of UI elements. The vulnerability can be exploited by an attacker to conduct...

4.3CVSS6.4AI score0.00198EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Google Chrome DevTools Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a DevTools mal-implementation vulnerability that can be exploited by an attacker to cause a sandbox escape...

7.5CVSS6.9AI score0.00194EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

WordPress Qi Blocks plugin cross-site scripting vulnerability

WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...

6.5CVSS6.1AI score0.00155EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Inventory Management System ID Parameter SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that stems from improper handling of the ID parameter in the /admin/products/index.php?view=edit file. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00316EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Student Information System searchquery.php File SQL Injection Vulnerability

Student Information System is a student information system. The Student Information System suffers from a SQL injection vulnerability that originates from the parameter s in the /searchquery.php file that does not effectively filter user input. An attacker can exploit this vulnerability by...

9.8CVSS8AI score0.00425EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•2 views

Student Information System /editprofile.php File SQL Injection Vulnerability

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...

8.8CVSS6.8AI score0.00343EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

Student Information System register.php File SQL Injection Vulnerability

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from improper handling of user input in the /register.php file. No details of the vulnerability are available at this time...

9.8CVSS7.6AI score0.00425EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•6 views

Student Information System register.php Cross-Site Scripting Vulnerability

Student Information System is a student information system. The Student Information System suffers from a cross-site scripting vulnerability that stems from the mishandling of user input by an unspecified functional component in the /register.php file. An attacker can exploit this vulnerability b...

6.1CVSS4.4AI score0.00351EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•1 views

Inventory Management System /LogSignModal.PHP File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that originates from improper handling of the UUSERNAME parameter in the /LogSignModal.PHP file. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00374EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

WordPress Save as PDF Button plugin cross-site scripting vulnerability

The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content e.g., articles, product pages, etc. as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...

6.4CVSS6.2AI score0.00223EPSS
Exploits0References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•3 views

D-Link DIR-816L Buffer Overflow Vulnerability

The DIR-816L is a wireless router device from D-Link. A stack-based buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from the genacgimain function in the gena.cgi file improperly handling the SERVERID/HTTPSID parameter. An attacker could use this...

9.8CVSS8.2AI score0.00897EPSS
Exploits1References1
cnvd
cnvd
•added 2025/11/18 12:0 a.m.•4 views

Inventory Management System /admin/login.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00379EPSS
Exploits1References1
Total number of security vulnerabilities131179