Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress WP Airbnb Review Slider plugin cross-site scripting vulnerability

WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...

4CVSS6.1AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•3 views

Responsive Hotel Site newsletterdel.php file SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/newsletterdel.php. An attacker can exploit this...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•8 views

Calibre Input Validation Error Vulnerability (CNVD-2025-27923)

Calibre is an open source free all-in-one eBook reading management and format conversion tool. An input validation error vulnerability exists in Calibre 8.13.0 and earlier versions, which stems from handling binary resources in FB2 files without validating the filename, and can be exploited by an...

9.3CVSS7.6AI score0.00176EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•6 views

WordPress Gravity Forms plugin arbitrary file upload vulnerability

WordPress Gravity Forms plugin is a professional forms plugin for the WordPress platform, mainly used to create and manage various interactive forms, supporting data collection, payment processing, workflow automation and other features. WordPress Gravity Forms plugin has an arbitrary file upload...

9.8CVSS8.3AI score0.00737EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•8 views

WordPress Contact Form 7 AWeber Extension plugin unauthorized data modification vulnerability

WordPress Contact Form 7 AWeber Extension plugin is an extension plugin designed for WordPress Contact Form 7 plugin for automatic synchronization of form data to AWeber email marketing platform. The WordPress Contact Form 7 AWeber Extension plugin suffers from an unauthorized data modification...

4.3CVSS6.7AI score0.00194EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•3 views

WordPress WPFunnels plugin path traversal vulnerability

WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. The WordPress WPFunnels plugin suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker can exploit this...

6.5CVSS8.1AI score0.00716EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability

WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...

8.8CVSS8.2AI score0.00512EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•6 views

WordPress Course Booking System plugin Unauthorized Access to Data Vulnerability

The WordPress Course Booking System plugin is a tool designed for course booking that allows users to book courses online, manage scheduling and handle the payment process. An unauthorized access to data vulnerability exists in the WordPress Course Booking System plugin, which can be exploited by...

5.3CVSS7AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Responsive Hotel Site roomdel.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from the /admin/roomdel.php file mishandling the ID parameter and failing to properly validate and filter user input. An attacker can exploit this vulnerability to obta...

9.8CVSS7.8AI score0.00373EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress WPFunnels plugin unauthorized user registration vulnerability

WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user control value optinallowregistration to determine user registration permissions, which...

5.3CVSS6.8AI score0.00219EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress Ovatheme Events Manager plugin unauthorized access vulnerability

WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...

6.5CVSS6.8AI score0.00198EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress Simple Downloads List plugin unauthorized data modification vulnerability

WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...

6.4CVSS6.8AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•8 views

Responsive Hotel Site reservation.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/reservation.php. An attacker can exploit this vulnerabilit...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Responsive Hotel Site roombook.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /admin/roombook.php. An attacker can exploit this vulnerability to...

9.8CVSS8.2AI score0.00373EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

WordPress IDonate plugin unsafe direct object reference vulnerability

WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...

6.5CVSS6.9AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•5 views

Google Chrome Insufficient Policy Enforcement Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a policy enforcement insufficiency vulnerability, which stems from Devtools Policy Enforcement Insufficiency, and can be exploited by an attacker to cause a cross-origin data leak...

5.3CVSS6.8AI score0.00191EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

QNAP File Station 5 Cross-Site Scripting Vulnerability

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...

6.2CVSS6.2AI score0.00199EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

Google Chrome Improper Privilege Implementation Vulnerability (CNVD-2025-29560)

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Permission Misimplementation Vulnerability, no details of the vulnerability are provided at this time...

4.3CVSS6.5AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

FoxCMS Cross-Site Scripting Vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.2.16 and previous versions of the existence of cross-site scripting vulnerability, the vulnerability stems from the file app/admin/controller/Product.php parameter Title on the user-provided data...

4.8CVSS6.5AI score0.00323EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•7 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

6.5CVSS6.7AI score0.00279EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•6 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29178)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

7.5CVSS6.5AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•5 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29174)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

7.5CVSS6.7AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•4 views

IBM Db2 Information Disclosure Vulnerability (CNVD-2025-29173)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM Db2 that stems from the clpplus command exposing...

4.6CVSS6.2AI score0.00168EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•5 views

Google Chrome Passkeys Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Passkeys mal-implementation vulnerability, which can be exploited by an attacker to obtain sensitive information via debug logs...

6.2CVSS6.5AI score0.00102EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/12 12:0 a.m.•5 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29176)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

6.5CVSS6.5AI score0.00279EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech WebAccess/VPN Absolute Path Traversal Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...

6.9CVSS7AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...

4.3CVSS6.5AI score0.00122EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.5AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31064)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass of the ztpconfigid parameter of the NetworkServlet...

9.8CVSS8.3AI score0.00502EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.4AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.4AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

8.6CVSS8.3AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•1 views

WordPress plugin smart SEO SQL injection vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin smart SEO suffers from a SQL injection vulnerability that stems from the...

8.5CVSS8AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•4 views

ThinkDashboard Cross-Site Scripting Vulnerability

ThinkDashboard is a lightweight, self-hosted bookmarking dashboard. A cross-site scripting vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a lack of schema filtering and can be exploited by an attacker to cause a stored cross-site scripting attack...

6.1CVSS6.1AI score0.00226EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Contest Gallery plugin cross-site request forgery vulnerability

WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...

4.3CVSS7AI score0.00114EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Plugin CoSchool LMSSQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...

8.5CVSS8AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31063)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...

9.8CVSS8.9AI score0.00695EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

Advantech DeviceOn/iEdge Path Traversal Vulnerability

Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...

9.8CVSS6AI score0.00695EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Doliconnect plugin cross-site scripting vulnerability

WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...

6.1CVSS6.1AI score0.00214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•4 views

ASUS Armoury Crate Memory Buffer Operation Improperly Limited Vulnerability

ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from an improperly restricted memory buffer manipulation vulnerability that can be exploited by an attacker to cause a local elevation...

7.3CVSS6.7AI score0.00121EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN StandaloneVpnClientsController.addStandaloneVpnClientAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

6.3CVSS6.2AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•1 views

Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

6.2CVSS6.4AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.4AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31061)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...

8.8CVSS8.1AI score0.00463EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31062)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass in the getInventoryReportData parameter of the...

9.3CVSS9.2AI score0.00638EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

CMSimple_XH cross-site scripting vulnerability (CNVD-2026-02642)

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...

7.1CVSS6.2AI score0.00328EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress plugin Extensions for Leaflet Map cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Extensions for Leaflet Map suffers from a cross-site scripting vulnerability...

6.4CVSS5.9AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN AjaxNetworkController.ajaxAction Function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

8.6CVSS8.4AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

Advantech WebAccess/VPN Command Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a command injection...

8.6CVSS7.9AI score0.01766EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

Advantech iView SQL Injection Vulnerability (CNVD-2025-31065)

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ztpsearchvalue...

9.3CVSS8.8AI score0.00638EPSS
Exploits0References1
Total number of security vulnerabilities131179