131179 matches found
Simple Online Hotel Reservation System edit_account.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. The Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the /admin/editaccount.php file that does not securely filter the adminid parameter. An attacker can explo...
D-Link DIR-823G Denial of Service Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A security vulnerability exists in D-Link DIR-823G A1 v1.0.2B05, which originates from a null pointer dereference in the SetWLanRadioSettings function. An attacker can exploit this vulnerability to cause a DoS...
Linksys E1200 Stack Buffer Overflow Vulnerability
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
TOTOLINK LR1200GB Command Injection Vulnerability
The TOTOLINK LR1200GB is a wireless dual-band 4GLTE router from China's TOTOLINK Electronics TOTOLINK that supports 2.4GHz and 5GHz dual-band networks. The TOTOLINK LR1200GB suffers from a command injection vulnerability that stems from the cstecgi.cgi binary file failing to properly filter...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00025)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
TOTOLINK A720R Stack Buffer Overflow Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a stack buffer overflow vulnerability that stems from a failure to properly validate the length size o...
Linksys E1200 Stack Buffer Overflow Vulnerability (CNVD-2026-00024)
The Linksys E1200 is a router from Linksys USA. The Linksys E1200 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to cause the execution of arbitrary code or a denial of service...
D-Link DIR-823G Command Injection Vulnerability (CNVD-2025-30949)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...
Directory Traversal Vulnerability in UFIDA BIP Data Application Service of UFIDA Network Technology Co.
UFIDA is a leading provider of management software, ERP software, group management software, human resource management software, customer relationship management software, small business management software, financial and administrative institution management software, automotive industry...
mall-swarm authorization issue vulnerability (CNVD-2026-10877)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the cancelOrder function in the file /order/cancelOrder, and no detailed vulnerability details are provided...
WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability
WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...
Student Record System add-course.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the course-short, course-full, and cdate parameters in add-course.php. An attacker can exploit this...
WordPress Survey Maker plugin missing license vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. A lack of authorization vulnerability exists in WordPress Survey Maker plugin, which can be exploited by ...
WordPress quicq plugin missing capability check vulnerability
WordPress quicq plugin is an image optimization tool designed for WordPress that automatically compresses and resizes images to improve website performance. A missing capability check vulnerability exists in WordPress quicq plugin, which can be exploited by attackers to cause unauthorized data...
Student Record System add-subject.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...
WordPress Popup addon for Ninja Forms plugin cross-site scripting vulnerability
WordPress Popup addon for Ninja Forms plugin is a WordPress form plugin that supports the creation of contact forms, signup forms and more. Its Popup/Modal plugin generates informational or promotional popups for email subscriptions, login signups, and other scenarios. A cross-site scripting...
WordPress WooCommerce Ultimate Points And Rewards plugin Information Disclosure Vulnerability
WordPress WooCommerce Ultimate Points And Rewards plugin is a points and rewards management tool designed for WooCommerce, which awards points through customer behavior e.g., purchases, registrations, comments, etc. and supports redemption of discounts, coupons or free products, aiming to increas...
Student Record System admin-profile.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the adminname and aemailid parameters of admin-profile.php. An attacker can exploit this vulnerability t...
Student Record System password-recovery.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements for the id and emailid parameters in password-recovery.php. An attacker can exploit this vulnerability to...
Student Record System change-password.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from a lack of validation of the currentpassword parameter in change-password.php against an externally entered SQL statement. An attacker can exploit this vulnerability to...
Desktop Alert PingAlert Improper Access Control Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an improper access control vulnerability that can be exploited by an attacker ...
Desktop Alert PingAlert Server-Side Request Forgery Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
DELL Alienware Command Center Elevation of Privilege Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An elevation of privilege vulnerability exists in DELL Alienware Command Center, which stems from an...
Desktop Alert PingAlert Path Traversal Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. A path traversal vulnerability exists in Desktop Alert PingAlert, which can be exploited to load arbitrary external...
WordPress Contact Form Email plugin missing authorization vulnerability
WordPress Contact Form Email plugin is a powerful contact form tool that is mainly used to create contact forms and email the submitted data to a specified address, while supporting data storage, report generation and export features. A lack of authorization vulnerability exists in the WordPress...
D-Link DIR-816L Buffer Overflow Vulnerability
DIR-816L is a wireless router product from D-Link. A buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which originates from the soapcgimain function in the /soap.cgi file that does not perform a valid bounds check on input data. An attacker could use this...
Google Chrome on iO SInternals Post-Release Reuse Vulnerability
Google Chrome on iOS is a mobile browser designed by Google for Apple cell phone users, supporting cross-device synchronization, multi-tab browsing, voice search and other features to provide a smooth web browsing experience. Google Chrome on iOS suffers from an Internals reuse-after-release...
Simple Cafe Ordering System add_to_cart File Cross Site Scripting Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a cross-site scripting vulnerability that arises from insufficient security filtering of the productname parameter in the /addtocart file. An attacker could use this vulnerability to execu...
Simple Cafe Ordering System addmem.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the lack of secure filtering of the studentnum parameter in the /addmem.php file. No details of the vulnerability are available at this time...
Simple Cafe Ordering System login.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. The Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from the /login.php file not securely filtering the Username parameter. An attacker can exploit this vulnerability to remotely obtain sensitiv...
Desktop Alert PingAlert Cross-Site Scripting Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a cross-site scripting vulnerability that stems from the application's lack of...
TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...
WordPress Survey Maker plugin missing capability check vulnerability
WordPress Survey Maker plugin is a tool for creating questionnaires with support for multiple question types and data analysis features for businesses or individuals to collect user feedback. WordPress Survey Maker plugin suffers from a missing capability check vulnerability, which stems from a...
Desktop Alert PingAlert Information Disclosure Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an information disclosure vulnerability that originates from the exposure of...
mall-swarm authorization issue vulnerability (CNVD-2026-10879)
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the mishandling of the orderId parameter in the detail function in file /order/detail, no details of the vulnerability are provided at this time...
Desktop Alert Unspecified Vulnerability in PingAlert
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an unspecified vulnerability that originates from the disclosure of technical...
DELL Alienware Command Center Process Control Vulnerability
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. A process control vulnerability exists in DELL Alienware Command Center that stems from improper proce...
Google Chrome Code Problem Vulnerability (CNVD-2025-29241)
Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in the Lens feature in Google Chrome prior to version 136.0.7103.59, which stems from an imperfect validation mechanism for QR codes. The vulnerability can be exploited by an attacker to conduct an interface...
Google Chrome Code Problem Vulnerability (CNVD-2025-29238)
Google Chrome is a web browser developed by Google. A security vulnerability exists in the compositing feature in Google Chrome prior to version 140.0.7339.80, which stems from a flaw in the compositing module's handling of UI elements. The vulnerability can be exploited by an attacker to conduct...
Google Chrome DevTools Improperly Implemented Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a DevTools mal-implementation vulnerability that can be exploited by an attacker to cause a sandbox escape...
WordPress Qi Blocks plugin cross-site scripting vulnerability
WordPress Qi Blocks plugin is a WordPress block plugin developed by QodeInteractive, providing 48 free blocks and 33 premium blocks 81 in total, covering categories such as typography, infographics, form styles, content display, etc., and supporting highly customizable and flexible website buildi...
Inventory Management System ID Parameter SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that stems from improper handling of the ID parameter in the /admin/products/index.php?view=edit file. No details of the vulnerability are available at this time...
Student Information System searchquery.php File SQL Injection Vulnerability
Student Information System is a student information system. The Student Information System suffers from a SQL injection vulnerability that originates from the parameter s in the /searchquery.php file that does not effectively filter user input. An attacker can exploit this vulnerability by...
Student Information System /editprofile.php File SQL Injection Vulnerability
Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...
Student Information System register.php File SQL Injection Vulnerability
Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from improper handling of user input in the /register.php file. No details of the vulnerability are available at this time...
Student Information System register.php Cross-Site Scripting Vulnerability
Student Information System is a student information system. The Student Information System suffers from a cross-site scripting vulnerability that stems from the mishandling of user input by an unspecified functional component in the /register.php file. An attacker can exploit this vulnerability b...
Inventory Management System /LogSignModal.PHP File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that originates from improper handling of the UUSERNAME parameter in the /LogSignModal.PHP file. No details of the vulnerability are available at this time...
WordPress Save as PDF Button plugin cross-site scripting vulnerability
The WordPress Save as PDF Button plugin is a tool that adds one-click PDF generation functionality to WordPress websites, allowing visitors to save web content e.g., articles, product pages, etc. as PDF files with the click of a button. WordPress Save as PDF Button plugin has a cross-site scripti...
D-Link DIR-816L Buffer Overflow Vulnerability
The DIR-816L is a wireless router device from D-Link. A stack-based buffer overflow vulnerability exists in the D-Link DIR-816L version 206b09beta, which stems from the genacgimain function in the gena.cgi file improperly handling the SERVERID/HTTPSID parameter. An attacker could use this...
Inventory Management System /admin/login.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from the useremail parameter not being effectively filtered in the /admin/login.php file. No details of the vulnerability are available at this time...