Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress bbp-move-topics plugin cross-site scripting vulnerability

WordPress bbp-move-topics plugin is an open source forum plugin for WordPress , developed by Automattic , supports users to manage forums through the WordPress backend . WordPress bbp-move-topics plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Bg Book Publisher plugin cross-site scripting vulnerability

WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

6.4CVSS6.1AI score0.00176EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress auto-login-after-registration plugin cross-site scripting vulnerability

WordPress auto-login-after-registration plugin is mainly used to realize the function of automatically logging in the account after the user completes the password reset or registration, which belongs to the user management plugin. A cross-site scripting vulnerability exists in the WordPress...

7.1CVSS6.3AI score0.00283EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•3 views

WordPress Businext plugin file inclusion vulnerability

WordPress Businext plugin is a WordPress theme designed for business and financial institutions, offering highly specialized features and layout options for scenarios such as official corporate websites, law firms, investment institutions, and more. WordPress Businext plugin suffers from a file...

8.2CVSS6.7AI score0.00488EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•4 views

WordPress Alone Theme plugin code injection vulnerability

The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations e.g. charities, fundraising organizations, etc.. WordPress Alone Theme plugin suffers from a code...

10CVSS7.5AI score0.00482EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•8 views

WordPress Plugin IDonatePro Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin IDonatePro, which stems from...

6.5CVSS5.7AI score0.00314EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•9 views

WordPress bbPress Notify plugin cross-site scripting vulnerability

WordPress bbPress Notify plugin is a notification plugin designed for WordPress forum plugin bbPress to replace the default subscription system and provide more flexible and personalized email updates. WordPress bbPress Notify plugin suffers from a cross-site scripting vulnerability that stems fr...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•14 views

Tenda AC6 addressNat function stack buffer overflow vulnerability

Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the page parameter in the addressNat function failing to properly validate the length of the input data,...

7.5CVSS7.4AI score0.00385EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/24 12:0 a.m.•6 views

Tenda AC6 SetClientState function buffer overflow vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...

7.5CVSS8.3AI score0.00372EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•9 views

ChurchCRM Deserialization Vulnerability

ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions exist deserialization vulnerability , the vulnerability stems from the file setup/routes/setup.php in the parameter DBPASSWORD/ROOTPATH/URL in the receipt of user-submitted serialized...

8.1CVSS7.6AI score0.00687EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

Mediawiki - ImageRating Extension Cross-Site Scripting Vulnerability

Mediawiki - ImageRating Extension is a plugin for generating and managing image rating features. Mediawiki - ImageRating Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

6.9CVSS6.2AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

Mediawiki - FlexDiagrams Extension Cross-Site Scripting Vulnerability

Mediawiki - FlexDiagrams Extension is an extension to MediaWiki for embedding and displaying diagrams or flowcharts in wiki pages. Mediawiki - FlexDiagrams Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

Mediawiki - CirrusSearch Extension Denial of Service Vulnerability

Mediawiki - CirrusSearch Extension is an extension for MediaWiki to provide advanced search functionality and enhance search efficiency. A denial of service vulnerability exists in Mediawiki - CirrusSearch Extension, which stems from an unrestricted resource allocation or throttling, and can be...

6.9CVSS6.8AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

Mediawiki - CentralAuth Extension Resource Disclosure Vulnerability

Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...

6.9CVSS6.4AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

Mediawiki - GrowthExperiments Extension Default Permission Error Vulnerability

Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A default permission error vulnerability exists in Mediawiki -...

6.9CVSS6.8AI score0.00389EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•2 views

Mediawiki - AdvancedSearch Extension Cross-Site Scripting Vulnerability

Mediawiki - AdvancedSearch Extension is an extension plugin for MediaWiki that enhances the search functionality, often used in conjunction with CirrusSearch and Elastica, to significantly improve search efficiency and accuracy. A cross-site scripting vulnerability exists in MediaWiki -...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

Apache Geode Cross-Site Request Forgery Vulnerability (CNVD-2025-25375)

Apache Geode is the Apache Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. Apache Geode suffers from a cross-site request forgery vulnerability, which arises when a web application...

8.8CVSS6.9AI score0.00332EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

ChanCMS /cms/model/hasUse File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...

7.2CVSS8.2AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•2 views

ChurchCRM Path Traversal Vulnerability

ChurchCRM is an open source CRM system for churches. ChurchCRM 5.18.0 and previous versions of path traversal vulnerability, the vulnerability stems from the file src/ChurchCRM/Backup/RestoreJob.php parameter restoreFile fails to correctly filter the resource or file path of the special elements,...

7.2CVSS7.1AI score0.00971EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

ZOHO ManageEngine ADManager Plus Command Injection Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

8.8CVSS7.8AI score0.04721EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

Mediawiki - GrowthExperiments Extension Cross-Site Scripting Vulnerability

Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A cross-site scripting vulnerability exists in Mediawiki - GrowthExperimen...

6.9CVSS6.1AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

Unspecified vulnerability in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29154)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from the lack of Secure and HTTPOnly...

5.3CVSS6.8AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

Unspecified Vulnerabilities in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 (CNVD-2025-29152)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which stems from an improperly set Content-Type...

10CVSS6.9AI score0.00238EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

Bank Locker Management System search parameter cross-site scripting vulnerability

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /search parameter, which can be exploited by an attacker to...

6.1CVSS6.2AI score0.00224EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

ChanCMS Code Injection Vulnerability

ChanCMS is a content management system. A code injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which stems from the function getArticle in the file appmodulescmscontrollergather.js that fails to correctly filter the special elements of the constructed snippet. An attacker ca...

8.8CVSS8.1AI score0.00765EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•13 views

ChanCMS /cms/article/update file SQL injection vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter cid in the file /cms/article/update for externally entered SQL statements. An attacker can exploit this vulnerability t...

7.2CVSS8.2AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

ChanCMS /cms/article/findField File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of external SQL statements in the function findField in the file /cms/article/findField. An attacker can exploit this vulnerability to...

7.2CVSS8.2AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•5 views

OpenBao Resource Management Error Vulnerability

OpenBao is OpenBao open source a sensitive data management software . OpenBao version 2.4.1 before the resource management error vulnerability , the vulnerability stems from the JSON object deserialization may occupy too much memory , an attacker can use this vulnerability to cause a denial of...

7.5CVSS6.8AI score0.00647EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

Mediawiki - MultiBoilerplate Extensionmaste Cross-Site Scripting Vulnerability

Mediawiki - MultiBoilerplate Extensionmaste is an extension for MediaWiki that manages predefined boilerplates, allowing users to quickly insert blocks of reused text while editing a page. A cross-site scripting vulnerability exists in Mediawiki - MultiBoilerplate Extensionmaste, which stems from...

6.9CVSS6AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•2 views

Mediawiki - LastModified Extension Cross-Site Scripting Vulnerability

Mediawiki - LastModified Extension is a MediaWiki extension for displaying the last modified time of a page. Mediawiki - LastModified Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

6.9CVSS6.1AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•3 views

Mediawiki - ExternalGuidance Cross-Site Scripting Vulnerability

Mediawiki - ExternalGuidance is an extension for providing links or resources for external guidance. Mediawiki - ExternalGuidance suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

6.9CVSS6.1AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/23 12:0 a.m.•4 views

Mediawiki - LanguageSelector Extension Code Injection Vulnerability

Mediawiki - LanguageSelector Extension is an extension for MediaWiki to provide multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in Mediawiki - LanguageSelector Extension, which stems from improper neutralization of speci...

8.8CVSS7.6AI score0.00324EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/22 12:0 a.m.•5 views

D-Link DIR-820L Access Control Error Vulnerability

The D-Link DIR-820L is a wireless router device from D-Link. An improper access control vulnerability exists in the D-Link DIR-820L version 1.06B02, which stems from the administrator password setup function not properly validating the authentication mechanism. An attacker can exploit this...

8.8CVSS7.4AI score0.00493EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/22 12:0 a.m.•1 views

ZOHO ManageEngine Applications Manager Information Disclosure Vulnerability (CNVD-2025-29926)

ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product has application performance management, fault management, report generation and SLA management and other functions. An information disclosure...

6.5CVSS6.3AI score0.00873EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/22 12:0 a.m.•3 views

Oracle Solaris Resource Management Error Vulnerability

Oracle Solaris is a Unix-like operating system developed by Oracle. A file system component vulnerability exists in Oracle Solaris version 11 that stems from a flaw in the system privilege validation mechanism. An attacker could use this vulnerability to cause a complete denial of service sustain...

5.5CVSS6.8AI score0.00134EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/22 12:0 a.m.•5 views

ZOHO ManageEngine Endpoint Central XML Injection Vulnerability

ZOHO ManageEngine Endpoint Central is a desktop management system from ZOHO. An XML injection vulnerability exists in ZOHO ManageEngine Endpoint Central, and no details of the vulnerability are available at this time...

5.3CVSS7.4AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/22 12:0 a.m.•7 views

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability (CNVD-2025-29927)

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability, the vulnerability is due to insufficient input validation. An attacker can...

8.8CVSS8.2AI score0.25214EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

D-Link Nuclias Connec Login Endpoint Observable Response Discrepancy Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from an observable response difference vulnerability that stems from the...

6.9CVSS7AI score0.00954EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress Ally plugin stack buffer overflow vulnerability

WordPress Ally plugin is a free and open source WordPress plugin, mainly used to improve the accessibility of the website Accessibility, to help users simplify the website accessibility process. A stack buffer overflow vulnerability exists in the WordPress Ally plugin, which originates from the...

4.3CVSS7.2AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Unspecified Vulnerability in HCL BigFix WebUI

HCL BigFix WebUI is a web based administration page of HCL India. A security vulnerability exists in HCL BigFix WebUI, which stems from an improper response to the HOST information in the HTTP header field, and can be exploited by an attacker to cause a host header poisoning attack...

6.1CVSS6.7AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Newforma Project Center Server Security Bypass Vulnerability

Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. A security bypass vulnerability exists in Newforma Project Cente...

9.8CVSS6.8AI score0.00346EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

WordPress FunKItools plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...

4.3CVSS6.7AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

D-Link DIR-852 HNAP1 File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

7.5CVSS7.8AI score0.01673EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Delta Electronics DIAScreen Out-of-Bounds Write Vulnerability

Delta Electronics DIAScreen is an intelligent desktop builder from Delta Electronics in China. An out-of-bounds write vulnerability exists in Delta Electronics DIAScreen, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.6AI score0.0015EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

HCL AION Information Disclosure Vulnerability (CNVD-2025-25460)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that is due to a trusted type in an unenforced script in the CSP. An attacker could exploit this vulnerability to cause a content security policy bypass...

9.8CVSS6.3AI score0.00247EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•5 views

Ivanti Secure Access Client Open Redirect Vulnerability

Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. to enable remote secure access, supporting enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an open redirection vulnerability that originates from an...

6.1CVSS7.1AI score0.00172EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress Quick Featured Images plugin unsafe direct object reference vulnerability

WordPress Quick Featured Images plugin is a plugin for bulk editing and replacing featured images in WordPress. WordPress Quick Featured Images plugin suffers from an insecure direct object reference vulnerability that stems from the lack of validation of user control keys in the qfisetthumbnail...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

WordPress DocoDoco Store Locator plugin Arbitrary File Upload Vulnerability

WordPress DocoDoco Store Locator plugin is a WordPress plugin for creating a store locator page in your website that displays information about nearby stores via Google Maps. The WordPress DocoDoco Store Locator plugin suffers from an arbitrary file upload vulnerability that stems from a lack of...

7.2CVSS8.1AI score0.00648EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•4 views

Devolutions Server Improper Certificate Validation Vulnerability

Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server has an improper certificate validation vulnerability that originates from...

8.8CVSS6.6AI score0.00225EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/21 12:0 a.m.•3 views

WordPress Shortcode Button plugin cross-site scripting vulnerability

WordPress Shortcode Button plugin is a plugin or function to quickly insert buttons through a short code, mainly used to simplify the process of adding buttons to a page or post, support for custom styles and parameter settings. WordPress Shortcode Button plugin has a cross-site scripting...

6.4CVSS6.5AI score0.00271EPSS
Exploits0References1
Total number of security vulnerabilities131179