130931 matches found
WordPress Alone Theme plugin code injection vulnerability
The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations, e.g. charities, fundraising organizations, etc. The WordPress Alone Theme plugin suffers from a code...
Tenda AC6 DhcpListClient Function Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the failure of the page parameter in the DhcpListClient function to correctly validate the length of the input data, and can be exploit...
Tenda AC6 AdvSetMacMtuWan function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the AdvSetMacMtuWan function failing to correctly validate the length of the input data, and can be exploited by an attacker to execute...
Tenda AC6 SetClientState function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...
Tenda AC6 openSchedWifi function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the openSchedWifi function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...
WordPress Boldermail plugin deserialization vulnerability
The WordPress Boldermail plugin is an email marketing and automation platform designed specifically for WordPress, allowing users to manage subscribers, design email templates and create automated workflows directly in the WordPress backend. WordPress Boldermail plugin suffers from a...
WordPress Breeze Checkout Plugin Missing Authorization Vulnerability
WordPress Breeze Checkout Plugin is a free and open source caching plugin developed by Cloudways, mainly used to optimize the loading speed and performance of WordPress websites. WordPress Breeze Checkout Plugin suffers from a missing authorization vulnerability that stems from a lack of...
WordPress bbPress Notify plugin cross-site scripting vulnerability
WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...
WordPress auto-login-after-registration plugin cross-site scripting vulnerability
WordPress auto-login-after-registration plugin is a user management plugin mainly used to automatically log the user in to the account after the user completes a password reset or registration. A cross-site scripting vulnerability exists in the WordPress...
WordPress Contact Form by Supsystic plugin cross-site scripting vulnerability
WordPress Contact Form by Supsystic plugin is a WordPress plugin for creating contact forms with drag-and-drop editing support that can be used without programming basics. The WordPress Contact Form by Supsystic plugin suffers from a cross-site scripting vulnerability that stems from the...
Tenda AC6 SetSpeedWan Function Buffer Overflow Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the speeddir parameter in the SetSpeedWan function failing to properly validate the length of the input data, and can be exploited by an...
WordPress Child Themes plugin cross-site scripting vulnerability
WordPress Child Themes plugin is mainly used to simplify the creation and management of child themes, through automation tools to help users quickly generate child themes based on the parent theme. A cross-site scripting vulnerability exists in the WordPress Child Themes plugin, which stems from...
WordPress Bg Book Publisher plugin cross-site scripting vulnerability
WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Cinza Grid plugin cross-site scripting vulnerability
WordPress Cinza Grid plugin is a lightweight WordPress plugin based on Isotope Waterfall Layout for creating responsive grid layouts that support the presentation of posts, pages or custom content types. WordPress Cinza Grid plugin suffers from a cross-site scripting vulnerability that stems from...
Tenda AC6 addressNat function stack buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the page parameter in the addressNat function failing to properly validate the length of the input data,...
Tenda AC6 fast_setting_wifi_set function stack buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the ssid parameter in the fast_setting_wifi_set function failing to properly validate the length of the input...
WordPress Businext plugin file inclusion vulnerability
WordPress Businext plugin is a WordPress theme designed for business and financial institutions, offering highly specialized features and layout options for scenarios such as official corporate websites, law firms, investment institutions, and more. WordPress Businext plugin suffers from a file...
Mediawiki - ExternalGuidance Cross-Site Scripting Vulnerability
Mediawiki - ExternalGuidance is an extension for providing links or resources for external guidance. Mediawiki - ExternalGuidance suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Apache Geode Cross-Site Request Forgery Vulnerability (CNVD-2025-25375)
Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...
Mediawiki - MultiBoilerplate Extensionmaste Cross-Site Scripting Vulnerability
Mediawiki - MultiBoilerplate Extensionmaste is an extension for MediaWiki that manages predefined boilerplates, allowing users to quickly insert blocks of reused text while editing a page. A cross-site scripting vulnerability exists in Mediawiki - MultiBoilerplate Extensionmaste, which stems from...
Mediawiki - LanguageSelector Extension Code Injection Vulnerability
Mediawiki - LanguageSelector Extension is an extension for MediaWiki to provide multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in Mediawiki - LanguageSelector Extension, which stems from improper neutralization of speci...
Mediawiki - LastModified Extension Cross-Site Scripting Vulnerability
Mediawiki - LastModified Extension is a MediaWiki extension for displaying the last modified time of a page. Mediawiki - LastModified Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
ChurchCRM Path Traversal Vulnerability
ChurchCRM is an open source CRM system for churches. A path traversal vulnerability exists in ChurchCRM 5.18.0 and previous versions, which stems from the parameter restoreFile in the file src/ChurchCRM/Backup/RestoreJob.php failing to correctly filter special elements in the resource or file path,...
ChanCMS Code Injection Vulnerability
ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...
ChanCMS /cms/model/hasUse File SQL Injection Vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the parameter ID in the file /cms/model/hasUse lacking validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
ChanCMS /cms/article/update file SQL injection vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the parameter cid in the file /cms/article/update lacking validation of externally entered SQL statements. An attacker can exploit this vulnerability t...
Mediawiki - AdvancedSearch Extension Cross-Site Scripting Vulnerability
Mediawiki - AdvancedSearch Extension is an extension plugin for MediaWiki that enhances the search functionality, often used in conjunction with CirrusSearch and Elastica, to significantly improve search efficiency and accuracy. A cross-site scripting vulnerability exists in MediaWiki -...
Mediawiki - CentralAuth Extension Resource Disclosure Vulnerability
Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...
Mediawiki - CirrusSearch Extension Denial of Service Vulnerability
Mediawiki - CirrusSearch Extension is an extension for MediaWiki to provide advanced search functionality and enhance search efficiency. A denial of service vulnerability exists in Mediawiki - CirrusSearch Extension, which stems from an unrestricted resource allocation or throttling, and can be...
Mediawiki - FlexDiagrams Extension Cross-Site Scripting Vulnerability
Mediawiki - FlexDiagrams Extension is an extension to MediaWiki for embedding and displaying diagrams or flowcharts in wiki pages. Mediawiki - FlexDiagrams Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
Mediawiki - GrowthExperiments Extension Default Permission Error Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A default permission error vulnerability exists in Mediawiki -...
OpenBao Resource Management Error Vulnerability
OpenBao is open source software for managing sensitive data. A resource management error vulnerability exists in OpenBao versions before 2.4.1, which stems from the fact that JSON object deserialization may occupy too much memory. An attacker can use this vulnerability to cause a denial of...
Bank Locker Management System search parameter cross-site scripting vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /search parameter, which can be exploited by an attacker to...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29154)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...
ZOHO ManageEngine ADManager Plus Command Injection Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
ChanCMS /cms/article/findField File SQL Injection Vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of external SQL statements in the function findField in the file /cms/article/findField. An attacker can exploit this vulnerability to...
Mediawiki - ImageRating Extension Cross-Site Scripting Vulnerability
Mediawiki - ImageRating Extension is a plugin for generating and managing image rating features. Mediawiki - ImageRating Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29152)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from an improperly set Content-Type...
ChurchCRM Deserialization Vulnerability
ChurchCRM is an open source CRM system for churches. A deserialization vulnerability exists in ChurchCRM 5.18.0 and earlier versions, which stems from the parameter DBPASSWORD/ROOTPATH/URL in the file setup/routes/setup.php, in the receipt of user-submitted serialized...
Mediawiki - GrowthExperiments Extension Cross-Site Scripting Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...
ZOHO ManageEngine Applications Manager Information Disclosure Vulnerability (CNVD-2025-29926)
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions from the United States company ZOHO. The product provides application performance management, fault management, report generation, SLA management and other functions. An information disclosure...
ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus, which is due to insufficient input validation. An attacker can...
ZOHO ManageEngine Endpoint Central XML Injection Vulnerability
ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO. An XML injection vulnerability exists in ZOHO ManageEngine Endpoint Central, and no details of the vulnerability are available at this time...
Oracle Solaris Resource Management Error Vulnerability
Oracle Solaris is a Unix-like operating system developed by Oracle. A file system component vulnerability exists in Oracle Solaris version 11 that stems from a flaw in the system privilege validation mechanism. An attacker could use this vulnerability to cause a complete denial of service sustain...
D-Link DIR-820L Access Control Error Vulnerability
The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...
Unspecified Vulnerability in IBM Aspera Faspex
IBM Aspera Faspex is a solution from IBM (International Business Machines) for rapid global person-to-person document delivery and collaboration. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 that stems from a cross-domain policy file containing domains that shoul...
WordPress Demo Import Kit plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress Demo Import Kit plugin, which stems from a lack of file type validation in the import function and can be exploite...
WordPress BlindMatrix e-Commerce plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress BlindMatrix e-Commerce plugin that stems from an unvalidated shortcode attribute that can be exploited by an attacker to...
SAMSUNG Notes out-of-bounds read vulnerability (CNVD-2025-24704)
SAMSUNG Notes is a software application from Samsung of South Korea. It is used to provide a record function. SAMSUNG Notes suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to access out-of-bounds memory...
Adobe Animate Memory Misreference Vulnerability (CNVD-2025-24424)
Adobe Animate is a set of Flash animation software from the American company Adobe. A memory misreference vulnerability exists in Adobe Animate, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...