Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/30 12:0 a.m.•3 views

D-Link DIR600L formLanSetupRouterSettings Function Buffer Overflow Vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...

9.8CVSS8.1AI score0.00376EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•7 views

D-Link DIR600L formAdvNetwork Function Buffer Overflow Vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...

7.5CVSS7.3AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•5 views

D-Link DIR600L formSetEasy_Wizard Function Buffer Overflow Vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. A buffer overflow vulnerability exists in the D-Link DIR600L, which is caused by the...

7.5CVSS7.3AI score0.00336EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•6 views

Google Chrome Out-of-Bounds Read Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read issue in the Media component. An attacker can exploit this vulnerability to perform out-of-bounds memory access via a carefully constructed...

7.5CVSS6.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•4 views

Google Chrome on Android Omnibox Improperly Implemented Vulnerability

Google Chrome on Android is a mobile browser from Google, optimized for Android devices, offering fast browsing, smart search, privacy protection and cross-device syncing. Google Chrome on Android suffers from an Omnibox mal-implementation vulnerability that can be exploited by attackers to cause...

6.3CVSS6.7AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•13 views

WordPress Plugin Quickcreator Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Quickcreator, which stem...

7.5CVSS5.7AI score0.00304EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•7 views

JeecgBoot Path Traversal Vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has a path traversal vulnerability that stems from a path traversal vulnerability in the interface...

6.3CVSS5.9AI score0.00244EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•7 views

Google Chrome Reuse After Release Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a post-release reuse vulnerability that can be exploited by an attacker to perform out-of-bounds memory access via a carefully constructed HTML page...

3.1CVSS6.8AI score0.00257EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/30 12:0 a.m.•15 views

D-Link DIR600L formTcpipSetup Function Buffer Overflow Vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...

7.5CVSS7.3AI score0.0034EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•3 views

Dell Storage Manager XML External Entity References Improperly Restricted Vulnerability

Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An XML External Entity Reference Improper Restriction vulnerability...

6.5CVSS6.7AI score0.00297EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•4 views

Unspecified Vulnerability in ISC BIND 9 (CNVD-2025-26736)

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9, which arises from an overly lax acceptance of response records, and can be exploited by an attacker to cause forged data to be injected into the cache...

8.6CVSS6.8AI score0.00509EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•3 views

Unspecified Vulnerability in ISC BIND 9

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from a weakness in the pseudo-random number generator, which can be exploited by an attacker to cause prediction of source ports and query IDs...

8.6CVSS6.8AI score0.00454EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•3 views

ISC BIND 9 Denial of Service Vulnerability

ISC BIND 9 is a domain name system software from the ISC organization. A denial of service vulnerability exists in ISC BIND 9, which arises from improper resource consumption when processing malformed DNSKEY records in specially crafted zones, and can be exploited by an attacker to cause CPU...

7.5CVSS6.7AI score0.1096EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•3 views

Dell Storage Manager Improper Authentication Vulnerability

Dell Storage Manager is a centralized storage management tool from Dell that is used to manage storage devices such as SC Series, PS Series and FluidFS, providing unified monitoring, configuration and replication capabilities. An improper authentication vulnerability exists in Dell Storage Manage...

9.8CVSS9.3AI score0.00821EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/29 12:0 a.m.•6 views

Microsoft Azure Event Grid System Access Control Error Vulnerability

Microsoft Azure Event Grid System is a fully managed event routing service system from Microsoft Corporation, USA. The Microsoft Azure Event Grid System is vulnerable to an access control error vulnerability that stems from improper access control and could lead to elevation of privilege. An...

9.8CVSS6.8AI score0.00346EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Cinza Grid plugin cross-site scripting vulnerability

WordPress Cinza Grid plugin is a lightweight WordPress plugin based on Isotope Waterfall Layout for creating responsive grid layouts that support the presentation of posts, pages or custom content types. WordPress Cinza Grid plugin suffers from a cross-site scripting vulnerability that stems from...

6.4CVSS6AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress Clanora plugin file upload vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file upload vulnerability exists in the WordPress Clanora plugin that stems from the application's lack of effective validation of uploaded files. The vulnerability can be...

10CVSS7.8AI score0.00565EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

WordPress plugin easy-post-submission information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin easy-post-submission,...

5.3CVSS5.7AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

Tenda AC6 AdvSetMacMtuWan function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the AdvSetMacMtuWan function failing to correctly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.2AI score0.00372EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Calendar Plus plugin cross-site scripting vulnerability

WordPress Calendar Plus plugin is a calendar plugin for WordPress to create and manage event calendars. WordPress Calendar Plus plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress AnyComment plugin SQL Injection Vulnerability

WordPress AnyComment plugin is a WordPress comment plugin based on React development, focusing on simplicity and speed. It provides basic commenting functionality and supports seamless migration from other plugins e.g. Jetpack, wpDiscuz, etc. and can be supported through GitHub or VK community...

8.5CVSS8.3AI score0.00386EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Captivate Sync plugin deserialization vulnerability

WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...

9.8CVSS7.5AI score0.00529EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•6 views

Tenda AC6 DhcpListClient Function Buffer Overflow Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the failure of the page parameter in the DhcpListClient function to correctly validate the length of the input data, and can be exploit...

7.5CVSS8.3AI score0.00446EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress All in One Time Clock Lite plugin unsafe direct object reference vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...

4.3CVSS6.8AI score0.00178EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

WordPress Advanced Coupons for WooCommerce Coupons plugin SQL Injection Vulnerability

WordPress Advanced Coupons for WooCommerce Coupons plugin is a free plugin designed for WooCommerce to enhance e-commerce marketing by extending coupon functionality. WordPress Advanced Coupons for WooCommerce Coupons plugin suffers from a SQL injection vulnerability that stems from the...

7.6CVSS8.3AI score0.00328EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress AppExperts plugin information disclosure vulnerability

WordPress AppExperts plugin is a plugin for converting WordPress websites to iOS and Android mobile apps, with support for converting WooCommerce e-commerce platform features. WordPress AppExperts plugin suffers from an information disclosure vulnerability that originates from the insertion of...

5.8CVSS6.2AI score0.00271EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress Buddypress Plugin Missing Authorization Vulnerability

WordPress Buddypress Plugin is an open source social networking plugin developed by Automattic the parent company of WordPress for converting WordPress websites into fully functional social platforms. WordPress Buddypress Plugin suffers from a lack of authorization vulnerability, no details of th...

7.5CVSS6.8AI score0.00391EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress Plugin WP Gmail SMTP Message Leakage Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP Gmail SMTP, which...

5.8CVSS5.8AI score0.00271EPSS
Exploits0
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Plugin Accordion Missing Authorization Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress plugin Accordion, which can be...

6.3CVSS6.5AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

WordPress Plugin Academy LMS Elevation of Privilege Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress plugin Academy LMS due to the...

8.1CVSS6.8AI score0.00367EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Plugin Captcha.eu Server-Side Request Forgery Attack Vulnerability

WordPress Plugin Captcha.eu is a CAPTCHA plugin for the WordPress platform, which is mainly used to prevent bots from attacking and is also compliant with GDPR General Data Protection Regulation. WordPress Plugin Captcha.eu suffers from a server-side request forgery attack vulnerability that stem...

5.3CVSS7.1AI score0.00195EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Contact Form by Supsystic plugin cross-site scripting vulnerability

WordPress Contact Form by Supsystic plugin is a WordPress plugin for creating contact forms with drag-and-drop editing support that can be used without programming basics. The WordPress Contact Form by Supsystic plugin suffers from a cross-site scripting vulnerability that stems from the...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Plugin Simple Job Board Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Simple Job Board, which...

7.5CVSS5.7AI score0.00356EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

TOTOLINK N600R setWiFiBasicConfig function stack buffer overflow vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a stack buffer overflow vulnerability, which stems from the failure o...

7.5CVSS7.2AI score0.00537EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

7.1CVSS6AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Plugin Acknowledgify Missing Authorization Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A lack of...

4.3CVSS6.7AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress Blockspare plugin sensitive information insertion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Blockspare plugin suffers from a sensitive information insertion vulnerability that originates from inserting sensitive information in sent data, which can be...

4.3CVSS6.5AI score0.00253EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•2 views

WordPress Boldermail plugin deserialization vulnerability

The WordPress Boldermail plugin is an email marketing and automation platform designed specifically for WordPress, allowing users to manage subscribers, design email templates and create automated workflows directly in the WordPress backend. WordPress Boldermail plugin suffers from a...

8.8CVSS7.6AI score0.00486EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Plugin MasterStudy LMS Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin MasterStudy LMS, which...

5CVSS5.7AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Billey plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Billey plugin, which stems from improper control over the filename of include or require statements, and can be exploited ...

8.1CVSS6.9AI score0.00488EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Breeze Checkout Plugin Missing Authorization Vulnerability

WordPress Breeze Checkout Plugin is a free and open source caching plugin developed by Cloudways, mainly used to optimize the loading speed and performance of WordPress websites. WordPress Breeze Checkout Plugin suffers from a lack of authorization vulnerability that stems from a lack of...

6.3CVSS6.9AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•14 views

WordPress plugin Addison deserialization vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A deserialization vulnerability exists in the WordPress plugin Addison, which arises from unsaf...

9.8CVSS6.8AI score0.00529EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•5 views

Tenda AC6 SetClientState function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.3AI score0.00372EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

Tenda AC6 SetSpeedWan Function Buffer Overflow Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the speeddir parameter in the SetSpeedWan function failing to properly validate the length of the input data, and can be exploited by an...

7.5CVSS8.3AI score0.00375EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

Tenda AC6 fast_setting_wifi_set function stack buffer overflow vulnerability

Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the ssid parameter in the fastsettingwifiset function failing to properly validate the length of the input...

7.5CVSS7.4AI score0.00362EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Child Themes plugin cross-site scripting vulnerability

WordPress Child Themes plugin is mainly used to simplify the creation and management of child themes, through automation tools to help users quickly generate child themes based on the parent theme. A cross-site scripting vulnerability exists in the WordPress Child Themes plugin, which stems from...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•6 views

Tenda AC6 openSchedWifi function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the openSchedWifi function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.3AI score0.00372EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•13 views

Tenda AC6 addressNat function stack buffer overflow vulnerability

Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the page parameter in the addressNat function failing to properly validate the length of the input data,...

7.5CVSS7.4AI score0.00385EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•8 views

WordPress bbPress Notify plugin cross-site scripting vulnerability

WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

TOTOLINK N600R sub_41773C function null pointer dereference vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability, which stems from the presen...

7.5CVSS6.8AI score0.01654EPSS
Exploits1References1
Total number of security vulnerabilities131179