Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/11/05 12:0 a.m.•3 views

IBM Tivoli Monitoring Path Traversal Vulnerability

IBM Tivoli Monitoring is a set of system monitoring solutions introduced by IBM, mainly used for real-time monitoring of system performance, availability and application status in the enterprise IT environment. A path traversal vulnerability exists in IBM Tivoli Monitoring that stems from not...

7.5CVSS6.8AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress OOPSpam Anti-Spam plugin IP Header Forgery Vulnerability

WordPress OOPSpam Anti-Spam plugin is an anti-spam plugin designed for WordPress that protects forms and comments from spam through AI and machine learning techniques without the use of CAPTCHA validation. The WordPress OOPSpam Anti-Spam plugin suffers from an IP header forgery vulnerability that...

5.3CVSS6.9AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•17 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-27469)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which can be exploited by an attacker to cause a...

10CVSS6.7AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•49 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

10CVSS6.1AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•7 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 suffer from a denial of service vulnerability that stems from vulnerability to...

10CVSS6.7AI score0.00305EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•15 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29078)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a lack of authentication. An...

10CVSS6.5AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/05 12:0 a.m.•4 views

WordPress Polylang plugin deserialization vulnerability

WordPress Polylang plugin is a multilingual WordPress plugin for creating and managing multilingual websites, supports switching from 1 to 10 or more languages, the core functionality is fully integrated with WordPress built-in features e.g. taxonomies without additional dependency on external...

8.8CVSS7.5AI score0.00332EPSS
Exploits0References1
CNVD
CNVD
•added 2025/11/04 12:0 a.m.•5 views

Remote Code Execution Vulnerability in U8 Cloud of UFIDA Network Technology Co.

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A remote code execution vulnerability exists in UFIDA U8 Cloud, which can be...

6.6AI score
Exploits0
CNVD
CNVD
•added 2025/11/03 12:0 a.m.•5 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-778387)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

5.9AI score
Exploits0
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Open5GS has an unspecified vulnerability (CNVD-2025-26159)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a security vulnerability that can be exploited by attackers to cause a denial-of-service attack...

8.7CVSS6.8AI score0.00391EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Online Event Judging System action.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in the parameter content in the file /ajax/action.php. An attacker can exploit...

8.8CVSS7.1AI score0.00299EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Simple Food Ordering System editproduct.php File Upload Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in the file /editproduct.php. No details of the vulnerability are available at this time...

9.8CVSS7.6AI score0.00479EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Simple Food Ordering System editcategory.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname in the file /editcategory.php, which can be exploit...

6.1CVSS4.8AI score0.00351EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Simple Food Ordering System addcategory.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter cname in the file /addcategory.php, which can be exploite...

6.1CVSS4.8AI score0.00356EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Client Details System update-clients.php file cross-site scripting vulnerability

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /update-clients.php, which can be exploited by an attacker to execute...

5.4CVSS6.1AI score0.00225EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29086)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to a vulnerability when th...

5.5CVSS6.1AI score0.00097EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27643)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the SERVICE, LOGIN, and PASSWORD parameters, which could be exploited by...

5.4CVSS6.1AI score0.05013EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Tenda O3 Buffer Overflow Vulnerability (CNVD-2025-26877)

Tenda O3 is an outdoor wireless bridge from Tenda, China. The Tenda O3 suffers from a buffer overflow vulnerability that stems from the parameter lan in the file /goform/setVlanConfig failing to properly validate the length of the input data, which can be exploited by an attacker to cause a stack...

9CVSS7.5AI score0.00725EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29151)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a weak password policy. No...

10CVSS6.9AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

WordPress Plugin Atarim Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Atarim, which originates...

7.5CVSS5.7AI score0.00279EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Online Event Judging System add_judge.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fullname in the file /addjudge.php. The vulnerability can be...

8.8CVSS7.1AI score0.00299EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29085)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of outdated and vulnerabl...

10CVSS6.9AI score0.00372EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29087)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by the use of vulnerable...

10CVSS6.8AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Client Details System manage-users.php File Cross-Site Scripting Vulnerability

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/manage-users.php, which can be exploited by an attacker to execute...

4.8CVSS6.1AI score0.0026EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

TOTOLINK A3300R cstecgi.cgi File Buffer Overflow Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...

9.8CVSS9.1AI score0.00753EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Devolutions Server Improper Input Validation Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an improper input validation vulnerability that stems from...

5.1CVSS6.5AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. An information disclosure vulnerability exists in...

7.5CVSS6.8AI score0.01251EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•10 views

Tenda CH22 formaddressNat function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from the parameter page in the file /goform/addressNat that fails to properly validate the length of the input data, which can be exploited by an attacker to execute...

9.8CVSS9.2AI score0.00682EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

5.4CVSS6.1AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•8 views

Client Details System clientview.php File Cross-Site Scripting Vulnerability

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/clientview.php, which can be exploited by an attacker to execute...

5.4CVSS6.1AI score0.00225EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27644)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleanup and escaping of the TLSHOSTNAME, UPSTREAMUSER, UPSTREAMPASSWORD, ADMINMAILADDRESS, an...

5.1CVSS6.1AI score0.00479EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•10 views

Unspecified Vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29090)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of weak default...

10CVSS7AI score0.0027EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

TOTOLINK A3300R setOpModeCfg function stack buffer overflow vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter opmode in the setOpModeCfg function in t...

9CVSS9.1AI score0.0093EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

WordPress Plugin Auto Featured Image Server-Side Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A server-side request forgery vulnerability exists in the WordPress plugin Auto Featured Image,...

7.7CVSS6.5AI score0.00042EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

TOTOLINK A3300R enable parameter buffer overflow vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter enable in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length and siz...

9CVSS9AI score0.0093EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda CH22 fromNatStaticSetting function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromNatStaticSetting in the file /goform/NatStaticSetting that fails to correctly validate the length of the input...

9CVSS9.1AI score0.00745EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•2 views

Client Details System Authorization Bypass Vulnerability

Client Details System is a client information system. An authorization bypass vulnerability exists in Client Details System that stems from an authorization bypass of an unknown function and can be exploited by an attacker to compromise confidentiality...

8.1CVSS4.8AI score0.00433EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Nero Social Networking Site addfriend.php File SQL Injection Vulnerability

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

9.8CVSS7.9AI score0.00431EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27648)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...

5.4CVSS6.2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29094)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from a failed logout feature. No...

6.9CVSS6.9AI score0.00185EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Information Disclosure Vulnerabilities (CNVD-2025-29149)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is due to improper...

10CVSS6.2AI score0.00289EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•8 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27635)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability caused by multiple methods in the cleanhtml function that improperly validate user-supplied input. An attacker could use this...

5.4CVSS6.4AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•6 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Cross-Site Scripting Vulnerabilities

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to a cross-site scripting vulnerability that is caused by improper...

6.9CVSS6.2AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

Tenda O3 formsetNetworkService function buffer overflow vulnerability

Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 1.0.0.10 version of the buffer overflow vulnerability, the vulnerability stems from the file / goform / setNetworkService function SetValue / GetValue parameter upnpEn failed to correctly validate the length of the input data size...

9CVSS8.3AI score0.00725EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•5 views

Tenda CH22 fromDhcpListClient function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the function fromDhcpListClient parameter page in the file /goform/DhcpListClient fails to correctly validate the length of the input data, which can be...

9CVSS8.3AI score0.03176EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Curfew e-Pass Management System admin-profile.php file cross-site scripting vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter adminname or email in the file...

4.8CVSS6.2AI score0.00238EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•4 views

E-Commerce Website supplier_update.php file cross-site scripting vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters suppname and suppaddress in the file /pages/supplierupdate.php, which can be...

6.1CVSS6.3AI score0.00356EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Tenda CH22 fromSafeClientFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeClientFilter in the file /goform/SafeClientFilter fails to correctly validate the length of the input data, a...

9.8CVSS9.2AI score0.04578EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•3 views

Online Event Judging System edit_criteria.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter critid in the file /editcriteria.php. The vulnerability can be...

8.8CVSS7.1AI score0.00301EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/31 12:0 a.m.•12 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Elevation of Privilege Vulnerabilities (CNVD-2025-29083)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An elevation of privilege vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 due to an arbitrary file write fla...

10CVSS7.4AI score0.00442EPSS
Exploits0References1
Total number of security vulnerabilities131179