Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/11/05 12:0 a.m.•8 views

WordPress MasterStudy LMS plugin SQL Injection Vulnerability

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

7.6CVSS8.2AI score0.00255EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

TOTOLINK A7000R urldecode function stack buffer overflow vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability that originates from the ssid5g parameter in the urldecode function...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

Tenda AX-3 get_parentControl_list_Info function stack buffer overflow vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability that originates from the deviceId parameter in the getparentControllistInfo function failing to properly...

7.5CVSS6.1AI score0.00362EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

TOTOLINK LR350 sub_422880 function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

TOTOLINK LR350 sub_421BAC function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

TOTOLINK LR350 sub_426EF8 function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the password parameter in the...

7.5CVSS7.3AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

TOTOLINK LR350 sub_425400 function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

TOTOLINK LR350 sub_42396C function stack buffer overflow vulnerability

TOTOLINK LR350 is a 4GLTE wireless router from China's Gion Electronics TOTOLINK that supports converting 4G signals to wired signals for home and office scenarios. The TOTOLINK LR350 suffers from a stack buffer overflow vulnerability, which stems from the failure of the ssid parameter in the...

7.5CVSS7.2AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•9 views

WordPress Post SMTP plugin Unauthorized Access to Data Vulnerability

WordPress Post SMTP plugin is a tool for solving WordPress website email sending problems, which realizes email sending through SMTP protocol and avoids emails that can't be sent or marked as spam due to server limitations. WordPress Post SMTP plugin suffers from an unauthorized access to data...

9.8CVSS7AI score0.51507EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

TOTOLINK A7000R sub_421A04 function stack buffer overflow vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the failure of the wifiOff parameter in the sub421A0...

7.5CVSS7.3AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Blocksy Companion Plugin Cross-Site Scripting Vulnerability

WordPress Blocksy Companion Plugin is an official plugin designed for WordPress theme Blocksy to enhance the theme functionality with advanced customization options and integration tools. WordPress Blocksy Companion Plugin suffers from a cross-site scripting vulnerability that stems from the...

6.4CVSS6AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

TOTOLINK A7000R sub_421CF0 function stack buffer overflow vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub421CF0 function faili...

7.5CVSS7.3AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Inactive Logout plugin cross-site scripting vulnerability

WordPress Inactive Logout plugin is a WordPress security plugin for automatically terminating inactive user sessions to prevent unauthorized access. The WordPress Inactive Logout plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...

6.4CVSS6.1AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Tenda AC8 Buffer Overflow Vulnerability

Tenda AC8 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC8 Hardware version v03.03.10.01, which originates from a boundary error in the UPnP service when handling untrusted input. An attacker can exploit this vulnerability to execute arbitrar...

7.5CVSS8.3AI score0.00334EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

News Portal Hardcoding Vulnerability

News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...

8.1CVSS5.2AI score0.00379EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Tenda AX-1803 Buffer Overflow Vulnerability

The Tenda AX-1803 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AX-1803 v1.0.0.1, which originates from the timeZone parameter in the formfastsettingwifiset function that fails to correctly validate the length of the input data, and can be...

7.5CVSS8.3AI score0.00362EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•9 views

WordPress Consulting plugin file inclusion vulnerability

WordPress Consulting plugin is a plugin that provides WordPress website optimization, security auditing, performance enhancement, etc. It is mainly used to help businesses or individual users to solve the technical problems of WordPress websites. WordPress Consulting plugin has a file inclusion...

7.5CVSS6.5AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

School Fees Payment Management System /ajax.php?action=delete_course file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. School Fees Payment Management System is vulnerable to a SQL injection vulnerability that stems from improper handling of unknown parameters in the /ajax.php?action=deletecourse file. No details of the vulnerability are...

9.8CVSS5.9AI score0.00314EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress Employee Spotlight plugin cross-site scripting vulnerability

WordPress Employee Spotlight plugin is a plugin for quickly searching and managing WordPress backend content, inspired by the Mac's Spotlight feature, which supports searching for posts, users, plugins, themes, etc., and provides real-time updating and editing features. The WordPress Employee...

6.4CVSS6.1AI score0.00176EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•11 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...

9.8CVSS7.1AI score0.00273EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress Plugin WP Discourse Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Discourse, which stem...

4.3CVSS5.7AI score0.00245EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities (CNVD-2025-27470)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...

9.8CVSS7.1AI score0.00273EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Analytify Pro plugin information disclosure vulnerability

WordPress Analytify Pro plugin is a Google Analytics plugin designed for WordPress, mainly used in the WordPress background and front-end display of Google Analytics data, to simplify the process of analyzing website traffic and user behavior. WordPress Analytify Pro plugin has an information...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29071)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing security header. No...

9.8CVSS6.6AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Ohio Extra plugin cross-site scripting vulnerability

WordPress Ohio Extra plugin is a free WordPress plugin designed specifically for the OceanWP theme to enhance the theme functionality and improve the site building experience. WordPress Ohio Extra plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.5CVSS6.2AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Insert PHP Code Snippet plugin missing authorization vulnerability

WordPress Insert PHP Code Snippet plugin is a tool for inserting custom PHP code into posts or pages in WordPress, supporting secure execution of code snippets and managing code blocks. A lack of authorization vulnerability exists in WordPress Insert PHP Code Snippet plugin, which can be exploite...

4.3CVSS7.3AI score0.00191EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Kleo plugin file inclusion vulnerability

WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...

7.5CVSS6.9AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress Consulting Elementor Widgets plugin cross-site scripting vulnerability

WordPress Consulting Elementor Widgets plugin is a plugin for the Elementor page builder that allows users to add and customize website content with drag and drop functionality. The WordPress Consulting Elementor Widgets plugin suffers from a cross-site scripting vulnerability that stems from the...

6.5CVSS6AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress Masterstudy plugin file inclusion vulnerability

WordPress Masterstudy plugin is a free learning management system plugin designed for WordPress. The WordPress Masterstudy plugin suffers from a file inclusion vulnerability that stems from improper control over the filename of include or request statements, which can be exploited by an attacker ...

7.5CVSS7AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress Advanced Database Cleaner plugin cross-site request forgery vulnerability

WordPress Advanced Database Cleaner plugin a plugin for cleaning and optimizing WordPress databases to help users remove redundant data such as spam comments, old drafts, etc., improve site performance and reduce database size. The WordPress Advanced Database Cleaner plugin suffers from a...

4.3CVSS6.7AI score0.00118EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•2 views

WordPress Noo JobMonster plugin authentication bypass vulnerability

WordPress Noo JobMonster plugin is a recruitment theme on the WordPress platform, mainly used to build a job search and recruitment website, support for employers to post jobs, job seekers to submit resumes and other functions. WordPress Noo JobMonster plugin has an authentication bypass...

9.8CVSS7.1AI score0.01005EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•9 views

WordPress King Addons for Elementor plugin elevation of privilege vulnerability

WordPress King Addons for Elementor plugin is an extension plugin designed specifically for the Elementor page builder, offering a large number of preset templates, components, and features for quickly building WordPress websites. The WordPress King Addons for Elementor plugin suffers from an...

9.8CVSS7.2AI score0.09142EPSS
Exploits4References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Depicter plugin cross-site request forgery vulnerability

WordPress Depicter plugin is a slider, popup and rotator image creation tool designed for WordPress, offering a no-code interface and rich customization features. The WordPress Depicter plugin suffers from a cross-site request forgery vulnerability, which originates from a web application that do...

4.3CVSS6.8AI score0.00156EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress Bard plugin cross-site request forgery vulnerability

WordPress Bard plugin is a tool used to stop chatbots such as Bard from crawling the content of your website, which is achieved by modifying the virtual robots.txt file. The WordPress Bard plugin suffers from a cross-site request forgery vulnerability that originates when a web application does n...

5.4CVSS6.7AI score0.0011EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

Dell Unity OS Command Injection Vulnerability (CNVD-2025-27586)

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS8.2AI score0.00518EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Tenda AC10 Buffer Overflow Vulnerability

Tenda AC10 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC10 version 16.03.10.13, which originates from the mishandling of the getui parameter in the formSysRunCmd function in the /goform/SysRunCmd file. The vulnerability can be exploited to trigger a...

9.8CVSS9.3AI score0.00831EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Tenda AC21 Buffer Overflow Vulnerability

Tenda AC21 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC21 version 16.03.08.16, which originates from improper manipulation of the startIp parameter of the formSetPPTPServer function in the /goform/SetPptpServerCfg file. The vulnerability can be...

9.8CVSS8.2AI score0.00673EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

Tenda A15 Buffer Overflow Vulnerability

Tenda A15 is a wireless router device from Tenda. A buffer overflow vulnerability exists in Tenda A15 version 15.13.07.13, which originates from the improper handling of the wpapskcrypto24g parameter in the fromSetWirelessRepeat function in the /goform/openNetworkGateway file. An attacker can...

9.8CVSS8.4AI score0.00804EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•6 views

D-Link DNS-343 ShareCenter Command Execution Vulnerability

The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...

9.8CVSS6.4AI score0.09806EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress Gutenberg plugin cross-site scripting vulnerability

The WordPress Gutenberg plugin is a block editor enhancement designed for WordPress to extend the default editor functionality with support for custom content layouts, data store optimization and RESTAPI integration. WordPress Gutenberg plugin suffers from a cross-site scripting vulnerability tha...

6.5CVSS6.1AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

WordPress Community Events plugin cross-site scripting vulnerability

WordPress Community Events plugin is an event management plugin for the WordPress platform that allows users to create and display event calendars with support for AJAX dynamic loading and event submission form functionality. WordPress Community Events plugin suffers from a cross-site scripting...

7.2CVSS6AI score0.00265EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Cross-Site Request Forgery Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a cross-site request forgery vulnerability that is caused by imprope...

10CVSS6.7AI score0.00155EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress K Elements plugin cross-site scripting vulnerability

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

6.5CVSS6.1AI score0.00151EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•8 views

TOTOLINK A7000R sub_4222E0 function stack buffer overflow vulnerability

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub4222E0 function faili...

7.5CVSS7.3AI score0.00376EPSS
Exploits1References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•8 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29076)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from disabling email server...

10CVSS6.6AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•5 views

Dell Unity OS Command Injection Vulnerability (CNVD-2025-27583)

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS7.5AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

WordPress Plugin Rank Math SEO Information Leakage Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Rank Math SEO.The...

4.3CVSS5.7AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

WordPress Polylang plugin deserialization vulnerability

WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...

8.8CVSS7.5AI score0.00332EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•16 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-27469)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which can be exploited by an attacker to cause a...

10CVSS6.7AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

Dell Unity OS Command Injection Vulnerability

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

7.8CVSS7.5AI score0.00598EPSS
Exploits0References1
Total number of security vulnerabilities131179