130931 matches found
Tenda AC15 newVersion Parameter Stack Buffer Overflow Vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 has a stack buffer overflow vulnerability, which originates from the parameter newVersion i...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23561)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Online Hotel Reservation System addslideexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/addslideexec.php. No details of the vulnerabilit...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23560)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress Copypress Rest API plugin code execution vulnerability
The WordPress Copypress Rest API plugin extends WordPress functionality by providing a RESTful interface for data interaction. A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...
Beauty Parlour Management System invoices.php file SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...
Tenda AC18 upnpEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg fails to correctly...
Tenda AC20 sscanf function buffer overflow vulnerability
Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability, which originates from the incorrect operation of the sscanf function parameter timeZone in the file /goform/fastsettingwifiset, for which no detailed vulnerability details are available at this ti...
WordPress AP Background plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AP Background plugin that stems from missing or incorrect random number validation in the...
WordPress ContentMX Content Publisher plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress ContentMX Content Publisher plugin that stems from the cmxactivateconnection function not adequately verifying...
TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...
Beauty Parlour Management System manage-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/manage-services.php. An attacker can...
WordPress Auto Bulb Finder plugin cross-site scripting vulnerability
WordPress Auto Bulb Finder plugin is a plugin for quickly checking vehicle bulb models in a WordPress website, supporting the retrieval of appropriate auto bulb specifications by year, make, model and other information. The WordPress Auto Bulb Finder plugin suffers from a cross-site scripting...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23543)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Tenda AC18 ddnsEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...
Tenda AC18 wanSpeed Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the failure of the wanSpeed parameter in the fromAdvSetMacMtuWan function to...
Tenda AC18 Username Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter Username in the file /goform/fastsettingpppoeset fails to...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23555)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Tenda CH22 formSafeEmailFilter Function Memory Corruption Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a memory corruption vulnerability that originates from the formSafeEmailFilter function parameter page in file /goform/SafeEmailFilter that fails to properly validate the length of the input data, which can ...
WordPress All Social Share Options plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...
Simple Banking System createuser.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /createuser.php. An attacker can exploit this vulnerability to execute...
Simple Food Ordering System product.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /product.php. An attacker can exploit thi...
AndSoft e-TMS Operating System Command Injection Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability, which is due to program misuse of parameter m in file /CLT/LOGINERRORFRM.ASP, and can be exploited by an attacker to execute operating system comman...
Beauty Parlour Management System customer-list.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/customer-list.php. An attacker can...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23537)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23564)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23558)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Online Hotel Reservation System editpicexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/editpicexec.php. No details of the vulnerability...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...
WordPress BP Direct Menus plugin cross-site scripting vulnerability
WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...
E-Commerce Website /pages/supplier_update.php SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from improper filtering of SQL statements submitted by the parameter suppid in the /pages/supplier_update.php file, which can be exploited by an attacker to gain unauthorized...
Apache Kylin Authentication Bypass Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...
Apache Fory Deserialization Vulnerability
Apache Fory is a multi-language serialization framework based on JIT dynamic compilation and zero-copy technology, designed for distributed systems and high-performance computing scenarios. Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...
ERPNext inventory_dimensions_dict parameter SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that originates from the presence of SQL injection in the inventory_dimensions_dict parameter, which can be exploited by an attacker to obtain database information...
VMware Tools and VMware Aria Operations Elevation of Privilege Vulnerability
VMware Tools and VMware Aria Operations are both products of VMware, Inc. VMware Tools is an enhancement tool that comes with VMware virtual machines and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of th...
VMware Tools for Windows Access Control Error Vulnerability
VMware Tools for Windows is a set of Windows-based VMware virtual machine enhancement tools from VMware, which are drivers provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host. A...
VMware Aria Operations Information Disclosure Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. VMware Aria Operations has a security vulnerability that could be exploited by an attacker to disclose other users'...
VMware vCenter SMTP Header Injection Vulnerability
VMware vCenter is a virtualization management software from VMware. An SMTP header injection vulnerability exists in VMware vCenter, which can be exploited by an attacker to manipulate notification emails for scheduled tasks...
VMware Cloud Foundation and VMware NSX Username Enumeration Vulnerability
VMware Cloud Foundation and VMware NSX are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes capabilities for operations automation and infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation is an...
VMware NSX Weak Password Recovery Mechanism Vulnerability
VMware NSX is a network virtualization solution within VMware Cloud Foundation that enables administrators to deploy legacy and modern applications in a private/hybrid cloud. VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware, Inc. The platform includes features such as...
Tenda AC18 Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a buffer overflow vulnerability, which originates from the /goform/WizardHandle file not performing effective boundary checking...
Tenda CH22 formWrlExtraGet function buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from improper handling of the dips parameter in the formWrlExtraGet function in the /goform/GstDhcpSetSer file. An attacker can exploit this vulnerability to...
Employee Record Management System myprofile.php File Cross-Site Scripting Vulnerability
Employee Record Management System is an employee record management system. The Employee Record Management System suffers from a cross-site scripting vulnerability that arises from insufficient filtering of the First name parameter in the /myprofile.php file. An attacker can exploit this...
Simple Scheduling System addcourse.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addcourse.php file not securely filtering the corcode parameter. No details of the vulnerability are available at this time...
Simple Scheduling System addroom.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the failure of the /schedulingsystem/addroom.php file to effectively filter the room parameter. No details of the vulnerability are available at this time...
Simple Scheduling System addtime.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System has a SQL injection vulnerability that originates from the starttime/endtime parameters in the /addtime.php file not being securely filtered. An attacker can exploit this vulnerability to execute malicious SQL comman...
Simple Scheduling System addsubject.php file SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addsubject.php file not securely filtering the subcode parameter. No details of the vulnerability are available at this time...
Simple Scheduling System addfaculty.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addfaculty.php file not securely filtering the falname parameter. No details of the vulnerability are provided at this time...
Tenda AC18 Command Injection Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability that originates from the mishandling of the lanIp parameter by an unknown function in the...