130931 matches found
WordPress plugin smart SEO SQL injection vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin smart SEO suffers from a SQL injection vulnerability that stems from the...
ASUS Armoury Crate Memory Buffer Operation Improperly Limited Vulnerability
ASUS Armoury Crate is a utility developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from a vulnerability in which operations on a memory buffer are improperly restricted, which can be exploited by an attacker to cause a local elevation...
Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Maid Hiring Management System maid-hiring.php File Cross-Site Scripting Vulnerability
Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that stems from unvalidated input in the name field of /maid-hiring.php. No details of the vulnerability are available at this time...
ThinkDashboard Cross-Site Scripting Vulnerability
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard. A cross-site scripting vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a lack of schema filtering and can be exploited by an attacker to cause a stored cross-site scripting attack...
WordPress Case Addons plugin file upload vulnerability
The WordPress Case Addons plugin is a plugin for the Elementor page builder that offers a wide range of functional components and templates for enhancing website design and content presentation. The WordPress Case Addons plugin suffers from a file upload vulnerability that stems from the...
WordPress Contest Gallery plugin cross-site request forgery vulnerability
WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...
WordPress Cost Calculator Builder plugin missing authorization vulnerability
WordPress Cost Calculator Builder plugin is a tool for creating cost calculators that supports multiple styles and features for e-commerce, quotation and other scenarios. WordPress Cost Calculator Builder plugin suffers from a missing authorization vulnerability that can be exploited by attackers...
WordPress Dessau plugin file inclusion vulnerability
WordPress Dessau plugin is an extension for WordPress websites, mainly for SEO optimization and content management. WordPress Dessau plugin suffers from a file inclusion vulnerability that stems from improper control of file names for include or reference statements, which can be exploited by an...
WordPress Doliconnect plugin cross-site scripting vulnerability
WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress Easy Appointments plugin cross-site scripting vulnerability
WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage service appointment systems, with support for multi-location, multi-service, and multi-staff appointments. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...
WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...
Google Chrome Improper Implementation Vulnerability (CNVD-2026-07246)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability that stems from an improper implementation in V8. An attacker could exploit this vulnerability to trigger heap corruption via a carefully constructed HTML...
WordPress Easy Digital Downloads plugin order manipulation vulnerability
WordPress Easy Digital Downloads plugin is a free plugin designed for WordPress to create and manage a digital merchandising store that supports the sale of downloadable content such as eBooks, software, media and more. WordPress Easy Digital Downloads plugin suffers from an order manipulation...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
CMSimple_XH Cross-Site Scripting Vulnerability
CMSimple_XH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimple_XH suffers from a cross-site scripting vulnerability that stems from not sanitizing or encoding attacker-controlled path segments. No details of the...
WordPress plugin Extensions for Leaflet Map cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Extensions for Leaflet Map suffers from a cross-site scripting vulnerability...
WordPress All in One Time Clock Lite plugin unauthorized access vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...
WordPress Plugin KiotViet Sync Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...
WordPress Plugin FunnelKit Automations Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin FunnelKit Automations,...
WordPress plugin integrate-google-drive information disclosure vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin integrate-google-drive has an information disclosure vulnerability, the...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31062)
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol (SNMP). Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass in the getInventoryReportData parameter of the...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31065)
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol (SNMP). Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ztpsearchvalue...
Dell CloudLink Operating System Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. Dell CloudLink suffers from an operating system command injection vulnerability that could be exploited by an attacker to cause elevation of privilege and unauthorized system access...
Dell CloudLink Command Execution Vulnerability (CNVD-2025-28523)
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which can be exploited by an attacker to gain shell access to the system...
Dell CloudLink Denial of Service Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A denial of service vulnerability exists in Dell CloudLink, which can be exploited by an attacker to cause a denial of service...
Dell Command Monitor Elevation of Privilege Vulnerability
Dell Command Monitor is a software from Dell USA that manages Dell's enterprise client systems. An elevation of privilege vulnerability exists in Dell Command Monitor, which can be exploited by an attacker to cause an elevation of privilege...
Microsoft Windows Bluetooth Service Resource Management Error Vulnerability
Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Windows Bluetooth Service that stems from a race condition due to improper synchronization of shared resources, which can be...
Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient sanitization of dashboard labels or path inputs, and can be...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11789)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that can be exploited by an attacker to upload a specially crafted configuration file for...
IBM Cloud Pak for Business Automation Misallocation of Ownership Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...
Grav CMS Cross-Site Scripting Vulnerability
Grav CMS is a modern, lightweight content management system (CMS) with a file-driven architecture that runs without relying on traditional databases. Grav CMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)
Beijing Shenzhou Vision Han Technology Co., Ltd. is an enterprise deeply rooted in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated service display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
Microsoft Graphics Component Resource Management Error Vulnerability (CNVD-2025-29346)
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component, which stems from a use-after-free condition and can be exploited by an attacker to cause a local elevation of privilege...
Microsoft Graphics Component Resource Management Error Vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component that stems from improper synchronization of shared resources and can be exploited by an attacker to cause a local elevation o...
Apple iOS and iPadOS Logic Issues Insufficient Checks Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain a logic issue vulnerability caused by insufficient checks, which can be exploited by an attacker to view sensitive user information...
IBM Cloud Pak for Business Automation Improper Access Control Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...
IBM Cloud Pak for Business Automation Denial of Service Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...
Apple Xcode Insufficient Input Validation Vulnerability
Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from an insufficient input validation vulnerability that can be exploited by an attacker to cause heap corruption...
CanalDenuncia App Information Disclosure Vulnerability
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of the parameter email in /backend/api/users/searchUserByEmail.php, which can be exploited by an...
Apple macOS Sequoia Permission Issue Vulnerability (CNVD-2025-29330)
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia has a privilege issue vulnerability that can be exploited by attackers to cause an application to access sensitive user data...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30335)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect authorization validation of parameters iddenuncia and iduser in /backend/api/buscarTestigoByIdDenunciaUsuario.php. An attacker could...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30334)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of parameters id and idsociedad in /api/buscarEmpresaById.php. An attacker can use this...
Apple macOS Sequoia Privilege Restriction Insufficiency Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from an insufficient privilege restriction vulnerability that can be exploited by an attacker to cause the disclosure of sensitive user data...
Apple macOS Sequoia Permission Issues Vulnerability
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from a privilege issue vulnerability that can be exploited by an attacker to cause a malicious app to gain root privileges...
Apple Xcode Insufficient Boundary Check Vulnerability
Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from an insufficient boundary check vulnerability that can be exploited by an attacker to cause a denial of service...