131179 matches found
WordPress bbp-move-topics plugin cross-site scripting vulnerability
WordPress bbp-move-topics plugin is an open source forum plugin for WordPress , developed by Automattic , supports users to manage forums through the WordPress backend . WordPress bbp-move-topics plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress Bg Book Publisher plugin cross-site scripting vulnerability
WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...
WordPress auto-login-after-registration plugin cross-site scripting vulnerability
WordPress auto-login-after-registration plugin is mainly used to realize the function of automatically logging in the account after the user completes the password reset or registration, which belongs to the user management plugin. A cross-site scripting vulnerability exists in the WordPress...
WordPress Businext plugin file inclusion vulnerability
WordPress Businext plugin is a WordPress theme designed for business and financial institutions, offering highly specialized features and layout options for scenarios such as official corporate websites, law firms, investment institutions, and more. WordPress Businext plugin suffers from a file...
WordPress Alone Theme plugin code injection vulnerability
The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations e.g. charities, fundraising organizations, etc.. WordPress Alone Theme plugin suffers from a code...
WordPress Plugin IDonatePro Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin IDonatePro, which stems from...
WordPress bbPress Notify plugin cross-site scripting vulnerability
WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...
Tenda AC6 addressNat function stack buffer overflow vulnerability
Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the page parameter in the addressNat function failing to properly validate the length of the input data,...
Tenda AC6 SetClientState function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...
ChurchCRM Deserialization Vulnerability
ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions exist deserialization vulnerability , the vulnerability stems from the file setup/routes/setup.php in the parameter DBPASSWORD/ROOTPATH/URL in the receipt of user-submitted serialized...
Mediawiki - ImageRating Extension Cross-Site Scripting Vulnerability
Mediawiki - ImageRating Extension is a plugin for generating and managing image rating features. Mediawiki - ImageRating Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Mediawiki - FlexDiagrams Extension Cross-Site Scripting Vulnerability
Mediawiki - FlexDiagrams Extension is an extension to MediaWiki for embedding and displaying diagrams or flowcharts in wiki pages. Mediawiki - FlexDiagrams Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
Mediawiki - CirrusSearch Extension Denial of Service Vulnerability
Mediawiki - CirrusSearch Extension is an extension for MediaWiki to provide advanced search functionality and enhance search efficiency. A denial of service vulnerability exists in Mediawiki - CirrusSearch Extension, which stems from an unrestricted resource allocation or throttling, and can be...
Mediawiki - CentralAuth Extension Resource Disclosure Vulnerability
Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...
Mediawiki - GrowthExperiments Extension Default Permission Error Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A default permission error vulnerability exists in Mediawiki -...
Mediawiki - AdvancedSearch Extension Cross-Site Scripting Vulnerability
Mediawiki - AdvancedSearch Extension is an extension plugin for MediaWiki that enhances the search functionality, often used in conjunction with CirrusSearch and Elastica, to significantly improve search efficiency and accuracy. A cross-site scripting vulnerability exists in MediaWiki -...
Apache Geode Cross-Site Request Forgery Vulnerability (CNVD-2025-25375)
Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...
ChanCMS /cms/model/hasUse File SQL Injection Vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...
ChurchCRM Path Traversal Vulnerability
ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and previous versions of path traversal vulnerability, the vulnerability stems from the file src/ChurchCRM/Backup/RestoreJob.php parameter restoreFile fails to correctly filter the resource or file path of the special elements,...
ZOHO ManageEngine ADManager Plus Command Injection Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
Mediawiki - GrowthExperiments Extension Cross-Site Scripting Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...
Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29154)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...
Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29152)
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from an improperly set Content-Type...
Bank Locker Management System search parameter cross-site scripting vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /search parameter, which can be exploited by an attacker to...
ChanCMS Code Injection Vulnerability
ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...
ChanCMS /cms/article/update file SQL injection vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...
ChanCMS /cms/article/findField File SQL Injection Vulnerability
ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of external SQL statements in the function findField in the file /cms/article/findField. An attacker can exploit this vulnerability to...
OpenBao Resource Management Error Vulnerability
OpenBao is OpenBao open source a sensitive data management software . OpenBao version 2.4.1 before the resource management error vulnerability , the vulnerability stems from the JSON object deserialization may occupy too much memory , an attacker can use this vulnerability to cause a denial of...
Mediawiki - MultiBoilerplate Extensionmaste Cross-Site Scripting Vulnerability
Mediawiki - MultiBoilerplate Extensionmaste is an extension for MediaWiki that manages predefined boilerplates, allowing users to quickly insert blocks of reused text while editing a page. A cross-site scripting vulnerability exists in Mediawiki - MultiBoilerplate Extensionmaste, which stems from...
Mediawiki - LastModified Extension Cross-Site Scripting Vulnerability
Mediawiki - LastModified Extension is a MediaWiki extension for displaying the last modified time of a page. Mediawiki - LastModified Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
Mediawiki - ExternalGuidance Cross-Site Scripting Vulnerability
Mediawiki - ExternalGuidance is an extension for providing links or resources for external guidance. Mediawiki - ExternalGuidance suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...
Mediawiki - LanguageSelector Extension Code Injection Vulnerability
Mediawiki - LanguageSelector Extension is an extension for MediaWiki to provide multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in Mediawiki - LanguageSelector Extension, which stems from improper neutralization of speci...
D-Link DIR-820L Access Control Error Vulnerability
The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...
ZOHO ManageEngine Applications Manager Information Disclosure Vulnerability (CNVD-2025-29926)
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. An information disclosure...
Oracle Solaris Resource Management Error Vulnerability
Oracle Solaris is a Unix-like operating system developed by Oracle. A file system component vulnerability exists in Oracle Solaris version 11 that stems from a flaw in the system privilege validation mechanism. An attacker could use this vulnerability to cause a complete denial of service sustain...
ZOHO ManageEngine Endpoint Central XML Injection Vulnerability
ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO. An XML injection vulnerability exists in ZOHO ManageEngine Endpoint Central, and no details of the vulnerability are available at this time...
ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)
ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...
D-Link Nuclias Connec Login Endpoint Observable Response Discrepancy Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...
WordPress Ally plugin stack buffer overflow vulnerability
WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve the accessibility of the website Accessibility, to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...
Unspecified Vulnerability in HCL BigFix WebUI
HCL BigFix WebUI is a web based administration page of HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an improper response to the HOST information in the HTTP header field, and can be exploited by an attacker to cause a host header poisoning attack...
Newforma Project Center Server Security Bypass Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security bypass vulnerability exists in Newforma Project Cente...
WordPress FunKItools plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...
D-Link DIR-852 HNAP1 File Command Injection Vulnerability
D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...
Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability
Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute code in the context of the current process...
HCL AION Information Disclosure Vulnerability (CNVD-2025-25460)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that is due to a trusted type in an unenforced script in the CSP. An attacker could exploit this vulnerability to cause a content security policy bypass...
Ivanti Secure Access Client Open Redirect Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. to enable remote secure access, supporting enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an open redirection vulnerability that originates from an...
WordPress Quick Featured Images plugin unsafe direct object reference vulnerability
WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...
WordPress DocoDoco Store Locator plugin Arbitrary File Upload Vulnerability
WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...
Devolutions Server Improper Certificate Validation Vulnerability
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an improper certificate validation vulnerability that originates from...
WordPress Shortcode Button plugin cross-site scripting vulnerability
WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...