Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29073)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from a lack of graceful err...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27585)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...
Tenda AC8 Buffer Overflow Vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC8 Hardware version v03.03.10.01, which originates from a boundary error in the UPnP service when handling untrusted input. An attacker can exploit this vulnerability to execute arbitrar...
WordPress NS Maintenance Mode for WP plugin cross-site scripting vulnerability
WordPress NS Maintenance Mode for WP plugin is a WordPress plugin for setting a website into maintenance mode, displaying temporary pages to visitors during updates or maintenance while allowing administrators or designated users to access the backend. The WordPress NS Maintenance Mode for WP...
TOTOLINK A7000R sub_421A04 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the failure of the wifiOff parameter in the sub421A0...
WordPress ERI File Library plugin unauthorized data access vulnerability
The WordPress ERI File Library plugin is a lightweight plugin designed for WordPress to create and publish document galleries, with support for inserting documents via the Gutenberg editor or shortcode. WordPress ERI File Library plugin suffers from an unauthorized data access vulnerability that...
Tenda AC10 Buffer Overflow Vulnerability
Tenda AC10 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC10 version 16.03.10.13, which originates from the mishandling of the getui parameter in the formSysRunCmd function in the /goform/SysRunCmd file. The vulnerability can be exploited to trigger a...
Tenda AC8 DatabaseIniSet File Buffer Overflow Vulnerability
Tenda AC8 is a dual-band Gigabit wireless router from Tenda designed for home and small office environments. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from manipulating the Time parameter in the /goform/DatabaseIniSet file without properly validating the input...
Tenda A15 Buffer Overflow Vulnerability
Tenda A15 is a wireless router device from Tenda. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the improper handling of the wpapskcrypto24g parameter in the fromSetWirelessRepeat function in the /goform/openNetworkGateway file. An attacker can...
School Fees Payment Management System /ajax.php?action=delete_course file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. School Fees Payment Management System is vulnerable to a SQL injection vulnerability that stems from improper handling of unknown parameters in the /ajax.php?action=delete_course file. No details of the vulnerability are...
News Portal settings.py File Information Disclosure Vulnerability
News Portal is a news portal. News Portal suffers from an information disclosure vulnerability that originates from an unknown function in the /onps/settings.py file that fails to properly handle sensitive data. The vulnerability can be exploited to insert sensitive information into debugging cod...
Tenda AC21 Buffer Overflow Vulnerability
Tenda AC21 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC21 version 16.03.08.16, which originates from improper manipulation of the startIp parameter of the formSetPPTPServer function in the /goform/SetPptpServerCfg file. The vulnerability can be...
News Portal Hardcoding Vulnerability
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29076)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from disabling email server...
WordPress Depicter plugin cross-site request forgery vulnerability
WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...
WordPress Plugin Rank Math SEO Information Leakage Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Rank Math SEO. The...
TOTOLINK LR350 sub_4232EC function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the wifiOff parameter failing to properly...
TOTOLINK LR350 sub_426EF8 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the password parameter in the...
TOTOLINK LR350 sub_422880 function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
TOTOLINK LR350 http_host parameter stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the http_host parameter in the...
TOTOLINK LR350 sub_421BAC function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
WordPress MasterStudy LMS plugin SQL Injection Vulnerability
WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...
Tenda AX-1803 Buffer Overflow Vulnerability
The Tenda AX-1803 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AX-1803 v1.0.0.1, which originates from the timeZone parameter in the formfastsettingwifiset function that fails to correctly validate the length of the input data, and can be...
Tenda AX-3 get_parentControl_list_Info function stack buffer overflow vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports the Wi-Fi 6 (802.11ax) standard for home networking environments. The Tenda AX-3 suffers from a stack buffer overflow vulnerability that originates from the deviceId parameter in the get_parentControl_list_Info function failing to properly...
WordPress Polylang plugin deserialization vulnerability
WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...
WordPress Bard plugin cross-site request forgery vulnerability
WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...
WordPress Groundhogg Plugin Cross-Site Scripting Vulnerability
WordPress Groundhogg Plugin is a customer relationship management (CRM), email marketing and marketing automation tool for the WordPress platform, designed to help users increase customer conversions and sales productivity through automated processes. WordPress Groundhogg Plugin...
WordPress K Elements plugin cross-site scripting vulnerability
WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...
WordPress Consulting Elementor Widgets plugin cross-site scripting vulnerability
WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. The WordPress Consulting Elementor Widgets plugin suffers from a cross-site scripting vulnerability that stems from the...
WordPress Gutenberg plugin cross-site scripting vulnerability
The WordPress Gutenberg plugin is a block editor enhancement designed for WordPress to extend the default editor functionality with support for custom content layouts, data store optimization and REST API integration. WordPress Gutenberg plugin suffers from a cross-site scripting vulnerability tha...
WordPress Masterstudy plugin file inclusion vulnerability
WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...
TOTOLINK LR350 sub_42396C function stack buffer overflow vulnerability
TOTOLINK LR350 is a 4G LTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...
WordPress Insert PHP Code Snippet plugin missing authorization vulnerability
WordPress Insert PHP Code Snippet plugin is a tool for inserting custom PHP code into posts or pages in WordPress, supporting secure execution of code snippets and managing code blocks. A lack of authorization vulnerability exists in WordPress Insert PHP Code Snippet plugin, which can be exploite...
WordPress Advanced Database Cleaner plugin cross-site request forgery vulnerability
WordPress Advanced Database Cleaner plugin is a plugin for cleaning and optimizing WordPress databases that helps users remove redundant data such as spam comments and old drafts, improve site performance and reduce database size. The WordPress Advanced Database Cleaner plugin suffers from a...
WordPress King Addons for Elementor plugin elevation of privilege vulnerability
WordPress King Addons for Elementor plugin is an extension plugin designed specifically for the Elementor page builder, offering a large number of preset templates, components, and features for quickly building WordPress websites. The WordPress King Addons for Elementor plugin suffers from an...
TOTOLINK A7000R sub_4222E0 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub_4222E0 function faili...
WordPress Noo JobMonster plugin authentication bypass vulnerability
WordPress Noo JobMonster plugin is a recruitment theme on the WordPress platform, mainly used to build job search and recruitment websites, with support for employers posting jobs, job seekers submitting resumes and other functions. WordPress Noo JobMonster plugin has an authentication bypass...
WordPress Plugin WP Discourse Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...
WordPress Community Events plugin cross-site scripting vulnerability
WordPress Community Events plugin is an event management plugin for the WordPress platform that allows users to create and display event calendars with support for AJAX dynamic loading and event submission form functionality. WordPress Community Events plugin suffers from a cross-site scripting...
WordPress Inactive Logout plugin cross-site scripting vulnerability
WordPress Inactive Logout plugin is a WordPress security plugin for automatically terminating inactive user sessions to prevent unauthorized access. The WordPress Inactive Logout plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...
Dell Unity OS Command Injection Vulnerability (CNVD-2025-27583)
Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...
TOTOLINK A7000R sub_421CF0 function stack buffer overflow vulnerability
TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub_421CF0 function faili...
WordPress Consulting plugin file inclusion vulnerability
WordPress Consulting plugin is a plugin that provides WordPress website optimization, security auditing, performance enhancement, etc. It is mainly used to help businesses or individual users solve technical problems with WordPress websites. WordPress Consulting plugin has a file inclusion...
Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...
Tenda AC23 saveParentControlInfo File Buffer Overflow Vulnerability
Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate up to 2033Mbps. Tenda AC23 has a buffer overflow vulnerability that stems from the parameter...
Simple Online Hotel Reservation System Code Issue Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System has a code issue vulnerability that stems from a lack of valid validation of uploaded files by the Photo Handler component in file /admin/editroom.php. An attacker can use th...
Tenda AC23 SetVirtualServerCfg File Buffer Overflow Vulnerability
Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave 2 technology, with a dual-band concurrent rate up to 2033Mbps. Tenda AC23 has a buffer overflow vulnerability that stems from the file...
WordPress OOPSpam Anti-Spam plugin IP Header Forgery Vulnerability
WordPress OOPSpam Anti-Spam plugin is an anti-spam plugin designed for WordPress that protects forms and comments from spam through AI and machine learning techniques without the use of CAPTCHA validation. The WordPress OOPSpam Anti-Spam plugin suffers from an IP header forgery vulnerability that...
WordPress Analytify Pro plugin information disclosure vulnerability
WordPress Analytify Pro plugin is a Google Analytics plugin designed for WordPress, mainly used to display Google Analytics data in the WordPress back end and front end and to simplify the process of analyzing website traffic and user behavior. WordPress Analytify Pro plugin has an information...