131179 matches found
WordPress WP Airbnb Review Slider plugin cross-site scripting vulnerability
WordPress WP Airbnb Review Slider plugin is a slider plugin for displaying Airbnb reviews on your WordPress website with support for custom animations, layouts and other advanced features. The WordPress WP Airbnb Review Slider plugin suffers from a cross-site scripting vulnerability that stems fr...
Responsive Hotel Site newsletterdel.php file SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/newsletterdel.php. An attacker can exploit this...
Calibre Input Validation Error Vulnerability (CNVD-2025-27923)
Calibre is an open source free all-in-one eBook reading management and format conversion tool. An input validation error vulnerability exists in Calibre 8.13.0 and earlier versions, which stems from handling binary resources in FB2 files without validating the filename, and can be exploited by an...
WordPress Gravity Forms plugin arbitrary file upload vulnerability
WordPress Gravity Forms plugin is a professional forms plugin for the WordPress platform, mainly used to create and manage various interactive forms, supporting data collection, payment processing, workflow automation and other features. WordPress Gravity Forms plugin has an arbitrary file upload...
WordPress Contact Form 7 AWeber Extension plugin unauthorized data modification vulnerability
WordPress Contact Form 7 AWeber Extension plugin is an extension plugin designed for WordPress Contact Form 7 plugin for automatic synchronization of form data to AWeber email marketing platform. The WordPress Contact Form 7 AWeber Extension plugin suffers from an unauthorized data modification...
WordPress WPFunnels plugin path traversal vulnerability
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. The WordPress WPFunnels plugin suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker can exploit this...
WordPress Smart Auto Upload Images plugin Arbitrary File Upload Vulnerability
WordPress Smart Auto Upload Images plugin is a WordPress plugin that is mainly used to automatically upload and manage images. WordPress Smart Auto Upload Images plugin has an arbitrary file upload vulnerability that stems from a lack of file type validation, which can be exploited by an attacker...
WordPress Course Booking System plugin Unauthorized Access to Data Vulnerability
The WordPress Course Booking System plugin is a tool designed for course booking that allows users to book courses online, manage scheduling and handle the payment process. An unauthorized access to data vulnerability exists in the WordPress Course Booking System plugin, which can be exploited by...
Responsive Hotel Site roomdel.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from the /admin/roomdel.php file mishandling the ID parameter and failing to properly validate and filter user input. An attacker can exploit this vulnerability to obta...
WordPress WPFunnels plugin unauthorized user registration vulnerability
WordPress WPFunnels plugin is a funnel builder designed for WordPress and WooCommerce. WordPress WPFunnels plugin suffers from an unauthorized user registration vulnerability that stems from relying on the user control value optinallowregistration to determine user registration permissions, which...
WordPress Ovatheme Events Manager plugin unauthorized access vulnerability
WordPress Ovatheme Events Manager plugin is an event management plugin for the WordPress platform that is used to create and manage event calendars, ticket sales and other features. WordPress Ovatheme Events Manager plugin suffers from an unauthorized access vulnerability that stems from a lack o...
WordPress Simple Downloads List plugin unauthorized data modification vulnerability
WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...
Responsive Hotel Site reservation.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /admin/reservation.php. An attacker can exploit this vulnerabilit...
Responsive Hotel Site roombook.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /admin/roombook.php. An attacker can exploit this vulnerability to...
WordPress IDonate plugin unsafe direct object reference vulnerability
WordPress IDonate plugin is a blood donation management tool on the WordPress platform, which is mainly used for blood donor registration, blood donation request submission and background management. WordPress IDonate plugin has an insecure direct object reference vulnerability, the vulnerability...
Google Chrome Insufficient Policy Enforcement Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a policy enforcement insufficiency vulnerability, which stems from Devtools Policy Enforcement Insufficiency, and can be exploited by an attacker to cause a cross-origin data leak...
QNAP File Station 5 Cross-Site Scripting Vulnerability
QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...
Google Chrome Improper Privilege Implementation Vulnerability (CNVD-2025-29560)
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Permission Misimplementation Vulnerability, no details of the vulnerability are provided at this time...
FoxCMS Cross-Site Scripting Vulnerability
FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.2.16 and previous versions of the existence of cross-site scripting vulnerability, the vulnerability stems from the file app/admin/controller/Product.php parameter Title on the user-provided data...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-29178)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-29174)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
IBM Db2 Information Disclosure Vulnerability (CNVD-2025-29173)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM Db2 that stems from the clpplus command exposing...
Google Chrome Passkeys Improperly Implemented Vulnerability
Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a Passkeys mal-implementation vulnerability, which can be exploited by an attacker to obtain sensitive information via debug logs...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-29176)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
Advantech WebAccess/VPN Absolute Path Traversal Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. An absolute path traversal vulnerability exists in...
WordPress Easy Email Subscription plugin Cross-Site Request Forgery Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. The WordPress Easy Email Subscription plugin suffers from a cross-site request forgery vulnerability that originates from a web application that does not adequately validate...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31064)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass of the ztpconfigid parameter of the NetworkServlet...
Advantech WebAccess/VPN AjaxStandaloneVpnClientsController.ajaxAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
WordPress plugin smart SEO SQL injection vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin smart SEO suffers from a SQL injection vulnerability that stems from the...
ThinkDashboard Cross-Site Scripting Vulnerability
ThinkDashboard is a lightweight, self-hosted bookmarking dashboard. A cross-site scripting vulnerability exists in ThinkDashboard version 0.6.7 and earlier, which stems from a lack of schema filtering and can be exploited by an attacker to cause a stored cross-site scripting attack...
WordPress Contest Gallery plugin cross-site request forgery vulnerability
WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...
WordPress Plugin CoSchool LMSSQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31063)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
WordPress Doliconnect plugin cross-site scripting vulnerability
WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...
ASUS Armoury Crate Memory Buffer Operation Improperly Limited Vulnerability
ASUS Armoury Crate is a utility software developed by ASUS to centrally control and manage ROG Gamerland and some ASUS gaming products. ASUS Armoury Crate suffers from an improperly restricted memory buffer manipulation vulnerability that can be exploited by an attacker to cause a local elevation...
Advantech WebAccess/VPN StandaloneVpnClientsController.addStandaloneVpnClientAction function cross-site scripting vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxNetworkFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31061)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31062)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that originates from an authentication bypass in the getInventoryReportData parameter of the...
CMSimple_XH cross-site scripting vulnerability (CNVD-2026-02642)
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, for...
WordPress plugin Extensions for Leaflet Map cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Extensions for Leaflet Map suffers from a cross-site scripting vulnerability...
Advantech WebAccess/VPN AjaxNetworkController.ajaxAction Function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN Command Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a command injection...
Advantech iView SQL Injection Vulnerability (CNVD-2025-31065)
Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the ztpsearchvalue...