131179 matches found
ERPNext get_rfq_containing_supplier function SQL Injection Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the txt parameter of the getrfqcontainingsupplier function against externally entered SQL statements. An attacker can...
QNAP Qsync Central Uncontrolled Resource Consumption Vulnerability
QNAP Qsync Central is the official private cloud synchronization service developed by QNAP for its Network Attached Storage NAS devices. QNAP Qsync Central suffers from an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23564)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23561)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Online Course Registration /admin/edit-course.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter coursecode in the file /admin/edit-course.php. An attacker ca...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23563)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMoriginal.ASP, which can be exploited by an attacker to execute operating system...
Tenda AC15 newVersion Parameter Stack Buffer Overflow Vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 has a stack buffer overflow vulnerability, which originates from the parameter newVersion i...
Tenda AC15 ddnsEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol and is mainly designed for home network environment. Tenda AC15 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in th...
Online Hotel Reservation System Arbitrary File Upload Vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /admin/addexec.php. No details of the vulnerability a...
Online Hotel Reservation System addgalleryexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System suffers from an arbitrary file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /admin/addgalleryexec.php. No details of the...
Tenda AC15 formsaveAutoQos function buffer overflow vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC15 version 15.03.05.18, which originates from the parameter enable in the file /goform/saveAutoQos that fails to correctly validate the length of the input data, and can be...
Beauty Parlour Management System customer-list.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/customer-list.php. An attacker can...
Beauty Parlour Management System search-invoices.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-invoices.php. An attacker can...
Beauty Parlour Management System manage-services.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/manage-services.php. An attacker can...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23559)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS SQL Injection Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the SessionID cookie parameter in file /inc/connect/CONNECTION.ASP. An attacker can us...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23542)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMBET.ASP, which can be exploited by an attacker to execute operating system...
E-Commerce Website /pages/supplier_update.php SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from improper filtering of SQL statements submitted by the parameter suppid in the /pages/supplierupdate.php file, which can be exploited by an attacker to gain unauthorized...
WordPress Backup Bolt plugin Arbitrary File Download Vulnerability
WordPress Backup Bolt plugin is a backup plugin for WordPress websites, mainly used to automate the backup of website data including files, databases, etc., and support the recovery function. WordPress Backup Bolt plugin has an arbitrary file download vulnerability, which stems from a flaw in the...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23548)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress dbview plugin cross-site scripting vulnerability
WordPress dbview plugin is a plugin for database query and display , developed by John Akers. The plugin through AJAX technology to achieve real-time query and dynamic display of database data , support for the direct execution of SQL statements and visual presentation of the results . WordPress...
WordPress Chatwee plugin cross-site request forgery vulnerability
WordPress Chatwee plugin is a plugin for adding live chat functionality to your WordPress website with multi-language and internationalization support. The WordPress Chatwee plugin suffers from a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying...
WordPress ContentMX Content Publisher plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress ContentMX Content Publisher plugin that stems from the cmxactivateconnection function not adequately verifying...
WordPress Appy Pie Connect for WooCommerce plugin missing authorization vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Appy Pie Connect for WooCommerce plugin suffers from a missing authorization vulnerability that stems from a lack of authorization checks in the resetuserpassword...
WordPress Auto Bulb Finder plugin cross-site scripting vulnerability
WordPress Auto Bulb Finder plugin is a plugin for quickly checking vehicle bulb models in a WordPress website, supporting the retrieval of appropriate auto bulb specifications by year, make, model and other information. The WordPress Auto Bulb Finder plugin suffers from a cross-site scripting...
Tenda CH22 formSafeEmailFilter Function Memory Corruption Vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a memory corruption vulnerability that originates from the formSafeEmailFilter function parameter page in file /goform/SafeEmailFilter that fails to properly validate the length of the input data, which can ...
Tenda AC18 cloneType Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the cloneType parameter in the fromAdvSetMacMtuWan function failing to correctly...
Online Complaint Site /cms/users/complaint-details.php File SQL Injection Vulnerability
Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from improperly filtered SQL statements submitted in the /cms/users/complaint-details.php file, which can be exploited by an attacker to obtain sensitive data and mo...
WordPress All Social Share Options plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...
Hostel Management System Clickjacking Vulnerability
Hostel Management System is a hostel management system. Hostel Management System is vulnerable to clickjacking, which occurs when the program does not adequately protect HTML iframes.No details of the vulnerability are available at this time...
Simple Food Ordering System product.php File SQL Injection Vulnerability
Simple Food Ordering System is a simple food ordering system. The Simple Food Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Category in the file /product.php. An attacker can exploit thi...
Beauty Parlour Management System new-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/new-appointment.php. An attacker can...
Online Course Registration /admin/manage-students.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-students.php. An attacker can...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress A Simple Multilanguage plugin cross-site scripting vulnerability
WordPress A Simple Multilanguage plugin is a plugin for implementing multilingual functionality on your website. WordPress A Simple Multilanguage plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of asmp-switcher data, which can be...
WordPress AP Background plugin Arbitrary File Upload Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An arbitrary file upload vulnerability exists in the WordPress AP Background plugin, which stems from a lack of authorization and insufficient file validation in the...
Simple Banking System createuser.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /createuser.php. An attacker can exploit this vulnerability to execute...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23566)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress Community Events plugin SQL Injection Vulnerability
WordPress Community Events plugin is a plugin that allows users to submit events. Users can publish event information independently through the website form, while the administrator can retain the final right to review the calendar content. A SQL injection vulnerability exists in the WordPress...
WordPress Comment Info Detector plugin cross-site request forgery vulnerability
WordPress Comment Info Detector plugin is a WordPress plugin for displaying commenter browser and operating system information, developed by Kyle Baker. The WordPress Comment Info Detector plugin suffers from a cross-site request forgery vulnerability that stems from the options.php file not...
Tenda AC15 formfast_setting_pppoe_set function buffer overflow vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda AC15 formfastsettingpppoeset function, which can be exploited by an attacker to execute arbitrary code on the system or cause a denial of service...
WordPress Bei Fen plugin file inclusion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The ordPress Bei Fen plugin has a file inclusion vulnerability that stems from not doing effective filtering of local file resource calls, which can be exploited by an attacker ...
WordPress Any News Ticker plugin cross-site scripting vulnerability
WordPress Any News Ticker plugin is a functional plugin for adding dynamic scrolling news tickers to your website. WordPress Any News Ticker plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of any-ticker, which can...
Tenda AC20 sscanf function buffer overflow vulnerability
Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability, which originates from the incorrect operation of the sscanf function parameter timeZone in the file /goform/fastsettingwifiset, for which no detailed vulnerability details are available at this ti...
WordPress BP Direct Menus plugin cross-site scripting vulnerability
WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...
Beauty Parlour Management System sales-reports-detail.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the parameters fromdate and todate in the file /admin/sales-reports-detail.php for externally entered SQL statement...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23557)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from improper manipulation of parameter m. An attacker can exploit this vulnerability by sending a POST request to execute an operati...