131179 matches found
WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability
WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Tenda AC18 mac parameter stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the mac parameter in the fromAdvSetMacMtuWan function failing to properly valida...
Tenda CH22 formWrlsafeset function stack buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. Tenda CH22 has a stack buffer overflow vulnerability, which originates from the parameter mitssidindex in the formWrlsafeset function in file /goform/AdvSetWrlsafeset that fails to correctly validate the length of the input data, which...
Tenda AC18 ddnsEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...
Tenda AC18 wanSpeed Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the failure of the wanSpeed parameter in the fromAdvSetMacMtuWan function to...
Tenda AC18 wanMTU Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU parameter of the fromAdvSetMacMtuWan function failing to...
TOTOLINK N600R /cgi-bin/cstecgi.cgi file buffer overflow vulnerability
The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 300Mbps. The TOTOLINK N600R suffers from a buffer overflow vulnerability that originates from the...
TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...
AndSoft e-TMS Encryption Issue Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...
Tenda AC18 upnpEn Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg fails to correctly...
TOTOLINK X18 setEasyMeshAgentCfg Function Command Injection Vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...
Online Hotel Reservation System addslideexec.php file arbitrary file upload vulnerability
Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/addslideexec.php. No details of the vulnerabilit...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23568)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from a lack of effective filtering and escaping of user-supplied data in parameter l of the /clt/TRACKREQUEST.ASP file, which can be exploited by an...
WordPress Customify plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the resetcustomizesection...
WordPress Featured Image from URL plugin cross-site scripting vulnerability
WordPress Featured Image from URL plugin is a plugin for solving WordPress website featured image FeaturedImage related problems. The WordPress Featured Image from URL plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of custom...
WordPress Constructor plugin permission issue vulnerability
WordPress Constructor plugin is a framework for simplifying plugin development, mainly used to help developers quickly build and manage the plugin's components such as options pages, forms and custom fields. WordPress Constructor plugin suffers from a privilege issue vulnerability that stems from...
WordPress Easy Elementor Addons plugin cross-site scripting vulnerability
The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...
WordPress Block For Mailchimp plugin server-side request forgery vulnerability
WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
E-Commerce Website supplier_add.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplieradd.php. An attacker can exploit this vulnerability to...
WordPress Chartify plugin Access Control Error Vulnerability
WordPress Chartify is a plugin for quickly building charts and graphs in your WordPress website, supporting both static and dynamic data visualization, compatible with 22 chart types including line charts, pie charts, bar charts, geographic charts and more. The WordPress Chartify plugin suffers...
WordPress Big Post Shipping for WooCommerce plugin cross-site scripting vulnerability
WordPress Big Post Shipping for WooCommerce plugin is a WooCommerce plugin that is mainly used to display real-time shipping quotes and logistics options in WooCommerce websites. The WordPress Big Post Shipping for WooCommerce plugin suffers from a cross-site scripting vulnerability that stems fr...
AndSoft e-TMS Cross-Site Scripting Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Online Shopping Portal Project login.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /shopping/login.php. An attacker...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23551)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS v25.03, which originates from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the fi...
AndSoft e-TMS Operating System Command Injection Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability, which is due to program misuse of parameter m in file /CLT/LOGINERRORFRM.ASP, and can be exploited by an attacker to execute operating system comman...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23555)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Tenda AC18 newVersion Parameter Stack Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter newVersion in the file /goform/setNotUpgrade fails to correct...
E-Commerce Website edit_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...
WordPress AP Background plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23560)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
WordPress AP Background plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AP Background plugin that stems from missing or incorrect random number validation in the...
Tenda AC18 wifi_chkHz parameter stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet fails to...
AndSoft e-TMS SQL Injection Vulnerability (CNVD-2025-23569)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Simple Banking System transfermoney.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /transfermoney.php. An attacker can exploit this vulnerability to execute...
AndSoft e-TMS Path Traversal Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...
WordPress Cost Calculator Builder plugin unauthorized data modification vulnerability
WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...
Voting System voters_add.php File Upload Vulnerability
Voting System is an election system. Voting System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in file /admin/votersadd.php. An attacker can exploit this vulnerability to upload malicious files...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23558)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Beauty Parlour Management System search-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-appointment.php. An attacker ca...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23540)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMDJO.ASP, which can be exploited by an attacker to execute operating system commands...
WordPress AffiliateWP plugin SQL Injection Vulnerability
WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...
WordPress Copypress Rest API plugin code execution vulnerability
WordPress Copypress Rest API plugin plugin is used to extend the functionality of WordPress plugin , by providing a RESTful interface to achieve data interaction . A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23541)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Tenda AC23 sscanf function buffer overflow vulnerability
Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11acWave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. Tenda...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23536)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from the lack of effective filtering and escaping of user-supplied data by parameter m in file /lib/asp/alert.asp, and can be exploited by an attacke...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23545)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
E-Commerce Website product_add.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodname in the file /pages/productadd.php. An attacker can exploit this vulnerability to...