Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN NetworksController.addNetworkAction function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.4AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•6 views

WordPress Case Addons plugin file upload vulnerability

The WordPress Case Addons plugin is a plugin for the Elementor page builder that offers a wide range of functional components and templates for enhancing website design and content presentation. The WordPress Case Addons plugin suffers from a file upload vulnerability that stems from the...

9.9CVSS7.9AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Plugin KiotViet Sync Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...

5.3CVSS6AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

WordPress Ace User Management plugin does not properly validate password reset token vulnerability

WordPress Ace User Management plugin is a WordPress user management plugin developed by Acewebx, mainly used to enhance and customize WordPress user roles, permissions and management features. WordPress Ace User Management plugin suffers from an improperly validated password reset token...

6.3CVSS7.2AI score0.00173EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•4 views

Maid Hiring Management System maid-hiring.php File Cross-Site Scripting Vulnerability

Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that originates from unvalidated entry of the name field in /maid-hiring.php, no details of the vulnerability are available at this time...

5.4CVSS6.3AI score0.00229EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

WordPress Easy Appointments plugin cross-site scripting vulnerability

WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage service appointment system, support multi-location, multi-service, multi-staff appointment function. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...

6.1CVSS6.4AI score0.00236EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress Dessau plugin file inclusion vulnerability

WordPress Dessau plugin is an extension for WordPress websites, mainly for SEO optimization and content management. WordPress Dessau plugin suffers from a file inclusion vulnerability that stems from improper control of file names for include or reference statements, which can be exploited by an...

9.8CVSS7AI score0.0056EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•6 views

WordPress Plugin Atarim Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which can be...

7.5CVSS6AI score0.02882EPSS
Exploits2References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•9 views

WordPress Cost Calculator Builder plugin missing license vulnerability

WordPress Cost Calculator Builder plugin is a tool for creating cost calculators that supports multiple styles and features for e-commerce, quotation and other scenarios. WordPress Cost Calculator Builder plugin suffers from a missing authorization vulnerability that can be exploited by attackers...

6.5CVSS6.8AI score0.00293EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•15 views

Google Chrome Misimplementation Vulnerability (CNVD-2026-07246)

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability that stems from an improper implementation in V8. An attacker could exploit this vulnerability by exploiting a heap corruption vulnerability via a carefully constructed HTML...

8.8CVSS5.9AI score0.00256EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•6 views

WordPress Easy Email Subscription plugin SQL Injection Vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...

4.9CVSS8AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress plugin integrate-google-drive information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin integrate-google-drive has an information disclosure vulnerability, the...

7.5CVSS5.8AI score0.02362EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•22 views

Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

6.5CVSS8.3AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•3 views

WordPress Contest Gallery plugin cross-site request forgery vulnerability

WordPress Contest Gallery plugin is a tool for creating and managing online contest galleries that supports uploading, voting and displaying features for images, videos, audios and many other file types. WordPress Contest Gallery plugin suffers from a cross-site request forgery vulnerability that...

4.3CVSS7AI score0.00114EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•6 views

WordPress All in One Time Clock Lite plugin unauthorized access vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...

6.5CVSS6.8AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress Plugin FunnelKit Automations Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin FunnelKit Automations,...

5.3CVSS5.7AI score0.00351EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•2 views

Advantech WebAccess/VPN AppManagementController.appUpgradeAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

8.6CVSS8.3AI score0.00284EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•7 views

CMSimple_XH Cross-Site Scripting Vulnerability

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...

7.1CVSS6.3AI score0.00323EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/11 12:0 a.m.•5 views

WordPress Easy Digital Downloads plugin order manipulation vulnerability

WordPress Easy Digital Downloads plugin is a free plugin designed for WordPress to create and manage a digital merchandising store that supports the sale of downloadable content such as eBooks, software, media and more. WordPress Easy Digital Downloads plugin suffers from an order manipulation...

5.3CVSS6.5AI score0.00294EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Dell CloudLink Command Execution Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...

9.1CVSS7.7AI score0.00298EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Dell CloudLink Elevation of Privilege Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...

6.7CVSS7.2AI score0.00126EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Apple iOS and iPadOS Insufficient Boundary Check Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS suffer from a boundary check insufficiency vulnerability that can be exploited by an attacker to cause a process crash triggered by a malicious HID...

4.3CVSS6.1AI score0.00277EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•7 views

Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11788)

Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...

8.8CVSS6AI score0.00512EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11789)

Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that can be exploited by an attacker to upload a specially crafted configuration file for...

9.8CVSS6.3AI score0.00661EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30336)

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...

8.7CVSS6.2AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Microsoft Graphics Component Resource Management Error Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component that stems from improper synchronization of shared resources and can be exploited by an attacker to cause a local elevation o...

7CVSS6.5AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Apple Xcode Insufficient Input Validation Vulnerability

Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from an Insufficient Input Validation vulnerability that can be exploited by an attacker to cause heap corruption...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Cisco Unified Contact Center Express Code Issue Vulnerability

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...

9.8CVSS7.5AI score0.00877EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Grav CMS Cross-Site Scripting Vulnerability

Grav CMS is a modern, lightweight content management system CMS with a file-driven architecture that runs without relying on traditional databases. Grav CMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...

6.1CVSS6.1AI score0.0022EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•2 views

Dell CloudLink Denial of Service Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. A denial of service vulnerability exists in Dell CloudLink, which can be exploited by an attacker to cause a denial of service...

6.7CVSS6.7AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Cisco Unified Contact Center Express Path Traversal Vulnerability

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A path traversal vulnerability exists in...

4.9CVSS5.8AI score0.01036EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•7 views

Microsoft Windows Bluetooth Service Resource Management Error Vulnerability

Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Windows Bluetooth Service that stems from a contention condition due to improper synchronization of shared resources, which can be...

7CVSS6.5AI score0.00232EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Dell Command Monitor Elevation of Privilege Vulnerability

Dell Command Monitor is a software from Dell USA that manages Dell's enterprise client systems. An elevation of privilege vulnerability exists in Dell Command Monitor, which can be exploited by an attacker to cause an elevation of privilege...

7.3CVSS7.2AI score0.00132EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

IBM Cloud Pak for Business Automation Improper Access Control Vulnerability

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...

7.4CVSS6.7AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•6 views

CanalDenuncia App Information Disclosure Vulnerability

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of the parameter email in /backend/api/users/searchUserByEmail.php, which can be exploited by an...

8.7CVSS6.3AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability

Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient cleanup of dashboard labels or path inputs, and can be...

6.4CVSS5.8AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple iOS and iPadOS Information Disclosure Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An information disclosure vulnerability exists in Apple iOS and iPadOS, which stems from a logging issue that could be exploited by an attacker to disclose sensitive use...

5.5CVSS5.7AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Microsoft Graphics Component Resource Management Error Vulnerability (CNVD-2025-29346)

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component, which stems from reuse after release and can be exploited by an attacker to cause a local elevation of privilege...

7CVSS6.5AI score0.00298EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•10 views

Apple iOS and iPadOS Logic Issues Insufficient Checks Vulnerability

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain a logical issue with an insufficiently checked vulnerability that can be exploited by an attacker to view sensitive user information...

4.6CVSS6.2AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

LinkAce cross-site scripting vulnerability (CNVD-2025-27898)

LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...

8.7CVSS6.1AI score0.00239EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•2 views

CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30334)

CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of parameters id and idsociedad in /api/buscarEmpresaById.php. An attacker can use this...

8.7CVSS6.3AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•2 views

Apple macOS Sequoia Permission Issue Vulnerability (CNVD-2025-29330)

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia has a privilege issue vulnerability that can be exploited by attackers to cause an application to access sensitive user data...

5.5CVSS6.6AI score0.00186EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Cisco Unified Contact Center Express Code Issue Vulnerability

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A code issue vulnerability exists in Cisco...

7.2CVSS6AI score0.00436EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•2 views

IBM Cloud Pak for Business Automation Misallocation of Ownership Vulnerability

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...

4.3CVSS6.7AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

IBM Cloud Pak for Business Automation Denial of Service Vulnerability

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...

6.5CVSS6.6AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•7 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•3 views

Cisco Unified Contact Center Express Code Issue Vulnerability

Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...

7.2CVSS5.9AI score0.00359EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•4 views

Dell CloudLink Operating System Command Injection Vulnerability

Dell CloudLink is a data encryption and key management system from Dell USA. Dell CloudLink suffers from an operating system command injection vulnerability that could be exploited by an attacker to cause elevation of privilege and unauthorized system access...

9.1CVSS7.8AI score0.00349EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple macOS Sequoia Permission Issues Vulnerability

Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia suffers from a privilege issue vulnerability that can be exploited by an attacker to cause a malicious app to gain root privileges...

7.8CVSS6.4AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/10 12:0 a.m.•5 views

Apple iOS and iPadOS Improvements for Underchecked Vulnerabilities

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain an Improvement Check Insufficiency vulnerability that can be exploited by attackers to cause an application to monitor keystrokes without th...

5.4CVSS6.3AI score0.00215EPSS
Exploits0References1
Total number of security vulnerabilities131179