Lucene search
+L

131179 matches found

CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

WordPress Custom Searchable Data Entry System plugin missing privileges vulnerability

WordPress Custom Searchable Data Entry System plugin is a plugin for creating a searchable data entry system in your website that allows users to fill in information based on specific criteria and enables data matching queries. The WordPress Custom Searchable Data Entry System plugin suffers from...

9.1CVSS6.5AI score0.00307EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda AC18 mac parameter stack buffer overflow vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the mac parameter in the fromAdvSetMacMtuWan function failing to properly valida...

7.5CVSS7.5AI score0.00458EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda CH22 formWrlsafeset function stack buffer overflow vulnerability

Tenda CH22 is an enterprise-grade wireless router from Tenda. Tenda CH22 has a stack buffer overflow vulnerability, which originates from the parameter mitssidindex in the formWrlsafeset function in file /goform/AdvSetWrlsafeset that fails to correctly validate the length of the input data, which...

10CVSS8.4AI score0.06192EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda AC18 ddnsEn Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...

9CVSS8.4AI score0.00988EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

Tenda AC18 wanSpeed Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which stems from the failure of the wanSpeed parameter in the fromAdvSetMacMtuWan function to...

7.5CVSS7.5AI score0.00458EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

Tenda AC18 wanMTU Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a stack buffer overflow vulnerability, which stems from the wanMTU parameter of the fromAdvSetMacMtuWan function failing to...

7.5CVSS7.4AI score0.0037EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

TOTOLINK N600R /cgi-bin/cstecgi.cgi file buffer overflow vulnerability

The TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, supporting concurrent operation in the 2.4GHz and 5GHz bands with a maximum wireless transfer rate of 300Mbps. The TOTOLINK N600R suffers from a buffer overflow vulnerability that originates from the...

9CVSS8.1AI score0.00958EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability

TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...

9.8CVSS8AI score0.01539EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

AndSoft e-TMS Encryption Issue Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...

7.5CVSS6.8AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda AC18 upnpEn Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg fails to correctly...

9CVSS8.4AI score0.01147EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•11 views

TOTOLINK X18 setEasyMeshAgentCfg Function Command Injection Vulnerability

TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the failure of the agentName parameter in the...

9.8CVSS8AI score0.0102EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

Online Hotel Reservation System addslideexec.php file arbitrary file upload vulnerability

Online Hotel Reservation System is an online hotel reservation system. Online Hotel Reservation System has an arbitrary file upload vulnerability that stems from a lack of valid validation of uploaded files by the parameter image in the file /admin/addslideexec.php. No details of the vulnerabilit...

9.8CVSS7.2AI score0.00364EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23568)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from a lack of effective filtering and escaping of user-supplied data in parameter l of the /clt/TRACKREQUEST.ASP file, which can be exploited by an...

6.9CVSS6.5AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•7 views

WordPress Customify plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the resetcustomizesection...

4.3CVSS6.8AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

WordPress Featured Image from URL plugin cross-site scripting vulnerability

WordPress Featured Image from URL plugin is a plugin for solving WordPress website featured image FeaturedImage related problems. The WordPress Featured Image from URL plugin suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of custom...

6.4CVSS6.1AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

WordPress Constructor plugin permission issue vulnerability

WordPress Constructor plugin is a framework for simplifying plugin development, mainly used to help developers quickly build and manage the plugin's components such as options pages, forms and custom fields. WordPress Constructor plugin suffers from a privilege issue vulnerability that stems from...

4.3CVSS6.7AI score0.00182EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

WordPress Easy Elementor Addons plugin cross-site scripting vulnerability

The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...

6.4CVSS6AI score0.00318EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

WordPress Block For Mailchimp plugin server-side request forgery vulnerability

WordPress Block For Mailchimp plugin is a plugin designed for WordPress to integrate Mailchimp's email subscription feature into a website. The WordPress Block For Mailchimp plugin suffers from a server-side request forgery vulnerability that stems from the mcbSubmitFormData function not...

4CVSS6.9AI score0.00285EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

E-Commerce Website supplier_add.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplieradd.php. An attacker can exploit this vulnerability to...

9.8CVSS8.3AI score0.00367EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•13 views

WordPress Chartify plugin Access Control Error Vulnerability

WordPress Chartify is a plugin for quickly building charts and graphs in your WordPress website, supporting both static and dynamic data visualization, compatible with 22 chart types including line charts, pie charts, bar charts, geographic charts and more. The WordPress Chartify plugin suffers...

5.3CVSS7.1AI score0.00327EPSS
Exploits3References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•1 views

WordPress Big Post Shipping for WooCommerce plugin cross-site scripting vulnerability

WordPress Big Post Shipping for WooCommerce plugin is a WooCommerce plugin that is mainly used to display real-time shipping quotes and logistics options in WooCommerce websites. The WordPress Big Post Shipping for WooCommerce plugin suffers from a cross-site scripting vulnerability that stems fr...

6.4CVSS6.1AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

Online Shopping Portal Project login.php File SQL Injection Vulnerability

Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /shopping/login.php. An attacker...

6.5CVSS8.3AI score0.0024EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23551)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS v25.03, which originates from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the fi...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS Operating System Command Injection Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability, which is due to program misuse of parameter m in file /CLT/LOGINERRORFRM.ASP, and can be exploited by an attacker to execute operating system comman...

9.8CVSS8AI score0.01298EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23555)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda AC18 newVersion Parameter Stack Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter newVersion in the file /goform/setNotUpgrade fails to correct...

9CVSS8.4AI score0.00762EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

E-Commerce Website edit_order_details.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

WordPress AP Background plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress AP Background plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of advparallaxback,...

6.4CVSS6.1AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23560)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

WordPress AP Background plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress AP Background plugin that stems from missing or incorrect random number validation in the...

4.3CVSS6.8AI score0.00124EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•2 views

Tenda AC18 wifi_chkHz parameter stack buffer overflow vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet fails to...

9CVSS8.4AI score0.01147EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS SQL Injection Vulnerability (CNVD-2025-23569)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...

9.8CVSS8AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•4 views

Simple Banking System transfermoney.php File SQL Injection Vulnerability

Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /transfermoney.php. An attacker can exploit this vulnerability to execute...

8.8CVSS8.2AI score0.00306EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS Path Traversal Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. A path traversal vulnerability exists in AndSoft e-TMS, which stems from the docurl parameter failing to properly filter special elements in the path of a resource or file, and can be exploited by an attacker to gain access to a...

8.7CVSS7.1AI score0.00425EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

WordPress Cost Calculator Builder plugin unauthorized data modification vulnerability

WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...

8.1CVSS6.7AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Voting System voters_add.php File Upload Vulnerability

Voting System is an election system. Voting System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in file /admin/votersadd.php. An attacker can exploit this vulnerability to upload malicious files...

9.8CVSS7AI score0.0041EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23558)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Beauty Parlour Management System search-appointment.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-appointment.php. An attacker ca...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23540)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMDJO.ASP, which can be exploited by an attacker to execute operating system commands...

9.8CVSS8AI score0.01416EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

WordPress AffiliateWP plugin SQL Injection Vulnerability

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

7.5CVSS8.3AI score0.00336EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•9 views

WordPress Copypress Rest API plugin code execution vulnerability

WordPress Copypress Rest API plugin plugin is used to extend the functionality of WordPress plugin , by providing a RESTful interface to achieve data interaction . A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...

9.8CVSS7.9AI score0.00561EPSS
Exploits2References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23541)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•3 views

Tenda AC23 sscanf function buffer overflow vulnerability

Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11acWave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. Tenda...

9CVSS8.3AI score0.00742EPSS
Exploits1References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23536)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which originates from the lack of effective filtering and escaping of user-supplied data by parameter m in file /lib/asp/alert.asp, and can be exploited by an attacke...

6.9CVSS6.5AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•5 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23545)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.6AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
•added 2025/10/13 12:0 a.m.•6 views

E-Commerce Website product_add.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodname in the file /pages/productadd.php. An attacker can exploit this vulnerability to...

9.8CVSS8.3AI score0.00367EPSS
Exploits1References1
Total number of security vulnerabilities131179