131179 matches found
WordPress Plugin MeetingHub Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MeetingHub, which can be...
WordPress Easy Digital Downloads plugin order manipulation vulnerability
WordPress Easy Digital Downloads plugin is a free plugin designed for WordPress to create and manage a digital merchandising store that supports the sale of downloadable content such as eBooks, software, media and more. WordPress Easy Digital Downloads plugin suffers from an order manipulation...
WordPress Plugin The Events Calendar Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin The Events Calendar has an information disclosure vulnerability, the...
Advantech WebAccess/VPN NetworksController.addNetworkAction function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
WordPress Case Addons plugin file upload vulnerability
The WordPress Case Addons plugin is a plugin for the Elementor page builder that offers a wide range of functional components and templates for enhancing website design and content presentation. The WordPress Case Addons plugin suffers from a file upload vulnerability that stems from the...
WordPress Plugin KiotViet Sync Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin KiotViet Sync, which ste...
WordPress Ace User Management plugin does not properly validate password reset token vulnerability
WordPress Ace User Management plugin is a WordPress user management plugin developed by Acewebx, mainly used to enhance and customize WordPress user roles, permissions and management features. WordPress Ace User Management plugin suffers from an improperly validated password reset token...
Maid Hiring Management System maid-hiring.php File Cross-Site Scripting Vulnerability
Maid Hiring Management System is a maid hiring management system. Maid Hiring Management System suffers from a cross-site scripting vulnerability that originates from unvalidated entry of the name field in /maid-hiring.php, no details of the vulnerability are available at this time...
CMSimple_XH Cross-Site Scripting Vulnerability
CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...
WordPress Plugin FunnelKit Automations Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin FunnelKit Automations,...
WordPress Easy Appointments plugin cross-site scripting vulnerability
WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage service appointment system, support multi-location, multi-service, multi-staff appointment function. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...
WordPress Dessau plugin file inclusion vulnerability
WordPress Dessau plugin is an extension for WordPress websites, mainly for SEO optimization and content management. WordPress Dessau plugin suffers from a file inclusion vulnerability that stems from improper control of file names for include or reference statements, which can be exploited by an...
WordPress Plugin Atarim Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which can be...
WordPress Cost Calculator Builder plugin missing license vulnerability
WordPress Cost Calculator Builder plugin is a tool for creating cost calculators that supports multiple styles and features for e-commerce, quotation and other scenarios. WordPress Cost Calculator Builder plugin suffers from a missing authorization vulnerability that can be exploited by attackers...
Google Chrome Misimplementation Vulnerability (CNVD-2026-07246)
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability that stems from an improper implementation in V8. An attacker could exploit this vulnerability by exploiting a heap corruption vulnerability via a carefully constructed HTML...
WordPress Easy Email Subscription plugin SQL Injection Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...
WordPress plugin integrate-google-drive information disclosure vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin integrate-google-drive has an information disclosure vulnerability, the...
Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
WordPress All in One Time Clock Lite plugin unauthorized access vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...
Dell CloudLink Command Execution Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Dell CloudLink Elevation of Privilege Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. An elevation of privilege vulnerability exists in Dell CloudLink, which could be exploited by an attacker to gain access to a database and obtain confidential information...
Apple iOS and iPadOS Insufficient Boundary Check Vulnerability
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS suffer from a boundary check insufficiency vulnerability that can be exploited by an attacker to cause a process crash triggered by a malicious HID...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11788)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11789)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that can be exploited by an attacker to upload a specially crafted configuration file for...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30336)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. An information disclosure vulnerability exists in CanalDenuncia App due to incorrect validation of the parameters iddenuncia and iduser authorization in /backend/api/buscarDocumentosByIdDenunciaUsuario.php. An attacker...
Microsoft Graphics Component Resource Management Error Vulnerability
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component that stems from improper synchronization of shared resources and can be exploited by an attacker to cause a local elevation o...
Apple Xcode Insufficient Input Validation Vulnerability
Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from an Insufficient Input Validation vulnerability that can be exploited by an attacker to cause heap corruption...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...
Grav CMS Cross-Site Scripting Vulnerability
Grav CMS is a modern, lightweight content management system CMS with a file-driven architecture that runs without relying on traditional databases. Grav CMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplie...
Dell CloudLink Denial of Service Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. A denial of service vulnerability exists in Dell CloudLink, which can be exploited by an attacker to cause a denial of service...
Cisco Unified Contact Center Express Path Traversal Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A path traversal vulnerability exists in...
Microsoft Windows Bluetooth Service Resource Management Error Vulnerability
Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Windows Bluetooth Service that stems from a contention condition due to improper synchronization of shared resources, which can be...
Dell Command Monitor Elevation of Privilege Vulnerability
Dell Command Monitor is a software from Dell USA that manages Dell's enterprise client systems. An elevation of privilege vulnerability exists in Dell Command Monitor, which can be exploited by an attacker to cause an elevation of privilege...
IBM Cloud Pak for Business Automation Improper Access Control Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...
CanalDenuncia App Information Disclosure Vulnerability
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of the parameter email in /backend/api/users/searchUserByEmail.php, which can be exploited by an...
Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient cleanup of dashboard labels or path inputs, and can be...
Apple iOS and iPadOS Information Disclosure Vulnerability
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An information disclosure vulnerability exists in Apple iOS and iPadOS, which stems from a logging issue that could be exploited by an attacker to disclose sensitive use...
Microsoft Graphics Component Resource Management Error Vulnerability (CNVD-2025-29346)
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation, USA. A resource management error vulnerability exists in Microsoft Graphics Component, which stems from reuse after release and can be exploited by an attacker to cause a local elevation of privilege...
Apple iOS and iPadOS Logic Issues Insufficient Checks Vulnerability
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and iPadOS contain a logical issue with an insufficiently checked vulnerability that can be exploited by an attacker to view sensitive user information...
Apple Xcode Insufficient Boundary Check Vulnerability
Apple Xcode is an integrated development environment developed by Apple Inc. Apple Xcode suffers from a boundary check insufficiency vulnerability that can be exploited by an attacker to cause a denial of service...
LinkAce cross-site scripting vulnerability (CNVD-2025-27898)
LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...
CanalDenuncia App Information Disclosure Vulnerability (CNVD-2025-30334)
CanalDenuncia App is a reporting channel application from CanalDenuncia Spain. The CanalDenuncia App suffers from an information disclosure vulnerability caused by incorrect authorization validation of parameters id and idsociedad in /api/buscarEmpresaById.php. An attacker can use this...
Apple macOS Sequoia Permission Issue Vulnerability (CNVD-2025-29330)
Apple macOS Sequoia is an operating system announced by Apple on June 10, 2024 at the WWDC24 developer conference. Apple macOS Sequoia has a privilege issue vulnerability that can be exploited by attackers to cause an application to access sensitive user data...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A code issue vulnerability exists in Cisco...
IBM Cloud Pak for Business Automation Misallocation of Ownership Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...
IBM Cloud Pak for Business Automation Denial of Service Vulnerability
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Dell CloudLink Command Execution Vulnerability (CNVD-2025-28522)
Dell CloudLink is a data encryption and key management system from Dell USA. A command execution vulnerability exists in Dell CloudLink, which could be exploited by an attacker to execute arbitrary commands on the system...
Cisco Unified Contact Center Express Code Issue Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. A security vulnerability exists in Cisco...
Dell CloudLink Operating System Command Injection Vulnerability
Dell CloudLink is a data encryption and key management system from Dell USA. Dell CloudLink suffers from an operating system command injection vulnerability that could be exploited by an attacker to cause elevation of privilege and unauthorized system access...