Lucene search
+L

131179 matches found

CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

WordPress Cost Calculator Builder plugin unauthorized data modification vulnerability

WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...

8.1CVSS6.7AI score0.00286EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

Tenda AC18 wifi_chkHz parameter stack buffer overflow vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet fails to...

9CVSS8.4AI score0.01147EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

Beauty Parlour Management System search-invoices.php File SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-invoices.php. An attacker can...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.9 views

AndSoft e-TMS Encryption Issue Vulnerability

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...

7.5CVSS6.8AI score0.00233EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

WordPress CTL Behance Importer Lite plugin SQL Injection Vulnerability

WordPress CTL Behance Importer Lite is a plugin for importing work from the Behance platform to a WordPress website, mainly used to help creators quickly migrate their work and optimize their website content management. The WordPress CTL Behance Importer Lite plugin suffers from an SQL injection...

8.6CVSS8.3AI score0.00312EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.4 views

Cyber Cafe Management System search.php file cross-site scripting vulnerability

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /search.php, which can be...

6.1CVSS6.3AI score0.00333EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

6.4CVSS6AI score0.0018EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.4 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23537)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...

6.9CVSS6.5AI score0.00221EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

Simple Banking System removeuser.php File SQL Injection Vulnerability

Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /removeuser.php. An attacker can exploit this vulnerability to execute illeg...

8.8CVSS8.2AI score0.00306EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.3 views

WordPress All in One Music Player plugin path traversal vulnerability

WordPress All in One Music Player plugin is a plugin with integrated music playback functionality, mainly used for WooCommerce, Dokan, WCFM Marketplace and other multi-platform e-commerce systems. A path traversal vulnerability exists in the WordPress All in One Music Player plugin, which stems...

6.5CVSS6.7AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.4 views

WordPress Find Me On plugin SQL Injection Vulnerability

WordPress Find Me On plugin is a downgraded plugin that is mainly used to add social media link portals to your website. WordPress Find Me On plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The...

7.7CVSS8.3AI score0.00248EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

Beauty Parlour Management System invoices.php file SQL Injection Vulnerability

Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...

9.8CVSS8.3AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

WordPress Ajax WooSearch plugin SQL Injection Vulnerability

WordPress Ajax WooSearch plugin is a plugin for enhancing the search functionality of your website, mainly used to improve the user experience, supporting real-time search and indexing of multiple content types. WordPress Ajax WooSearch plugin suffers from an SQL injection vulnerability that stem...

9.8CVSS8.1AI score0.00337EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23552)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.6 views

TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability

TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...

9.8CVSS8AI score0.01539EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.9 views

WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...

6.4CVSS6.1AI score0.00216EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23547)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.6AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.6 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23562)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.6AI score0.00192EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...

9.8CVSS8AI score0.01416EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

WordPress AffiliateWP plugin SQL Injection Vulnerability

WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...

7.5CVSS8.3AI score0.00336EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.7 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23561)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

6.1CVSS6.5AI score0.00181EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.6 views

AndSoft e-TMS SQL Injection Vulnerability (CNVD-2025-23569)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...

9.8CVSS8AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/13 12:0 a.m.19 views

WordPress Blappsta Mobile App plugin SQL Injection Vulnerability

WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...

7.5CVSS8.1AI score0.00338EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/09 12:0 a.m.4 views

ERPNext inventory_dimensions_dict parameter SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that originates from the presence of SQL injection in the inventorydimensionsdict parameter, which can be exploited by an attacker to obtain database information...

8.2CVSS8AI score0.00315EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/09 12:0 a.m.5 views

Apache Fory Deserialization Vulnerability

Apache Fory is a JIT-based dynamic compilation and zero-copy technology based on multi- language serialization framework , designed for distributed systems and high-performance computing scenarios . Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...

9.8CVSS8.1AI score0.41255EPSS
Exploits2References1
CNVD
CNVD
added 2025/10/09 12:0 a.m.5 views

Apache Kylin Authentication Bypass Vulnerability

Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...

7.5CVSS8AI score0.01224EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.13 views

VMware Tools for Windows Access Control Error Vulnerability

VMware Tools for Windows is a set of Windows-based, VMWare virtual machine enhancement tools from VMware, which are drivers provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host. A...

7.6CVSS6.7AI score0.00266EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.12 views

VMware Tools and VMware Aria Operations Elevation of Privilege Vulnerability

VMware Tools and VMware Aria Operations are both products of VMware, Inc. VMware Tools is an enhancement tool that comes with VMWare virtual machines and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of th...

7.8CVSS7.1AI score0.0788EPSS
Exploits3References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.1 views

VMware Aria Operations Information Disclosure Vulnerability

VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. VMware Aria Operations has a security vulnerability that could be exploited by an attacker to disclose other users'...

4.9CVSS6.8AI score0.00584EPSS
Exploits3References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.7 views

VMware vCenter SMTP Header Injection Vulnerability

VMware vCenter is a virtualization management software from VMware. An SMTP header injection vulnerability exists in VMware vCenter, which can be exploited by an attacker to manipulate notification emails for scheduled tasks...

8.5CVSS7.3AI score0.00638EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.6 views

VMware NSX Weak Password Recovery Mechanism Vulnerability

VMware NSX is a network virtualization solution within VMware Cloud Foundation that enables administrators to deploy legacy and modern applications in a private/hybrid cloud.VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware, Inc. The platform includes features such as...

8.1CVSS6.9AI score0.01022EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/01 12:0 a.m.3 views

VMware Cloud Foundation and VMware NSX Username Enumeration Vulnerability

VMware Cloud Foundation and VMware NSX are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes capabilities for operations automation and infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation is an...

7.5CVSS6.5AI score0.00878EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

GNU Binutils elf_swap_shdr function buffer overflow vulnerability

GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the elfswapshdr function in the bfd/elfcode.h...

7.8CVSS7.1AI score0.00235EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.4 views

GNU Binutils bfd/elf-eh-frame.c File Heap Buffer Overflow Vulnerability

GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the bfdelfparseehframe function in the...

7.8CVSS7.1AI score0.00234EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

Simple Scheduling System addfaculty.php File SQL Injection Vulnerability

Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addfaculty.php file not securely filtering the falname parameter. No details of the vulnerability are provided at this time...

9.8CVSS8.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

Simple Scheduling System add.home.php File SQL Injection Vulnerability

Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that originates from not securely filtering the faculty parameter in the /add.home.php file. An attacker could exploit this vulnerability to obtain sensitive database...

9.8CVSS7.8AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.4 views

WordPress Plugin aThemes Addons for Elementor Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin aThemes Addons for Elementor, n...

6.5CVSS6AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.7 views

Tenda AC8 formSetServerConfig function buffer overflow vulnerability

Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...

9CVSS8.3AI score0.034EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23371)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...

8.8CVSS7AI score0.04125EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.5 views

Simple Scheduling System addsubject.php file SQL Injection Vulnerability

Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addsubject.php file not securely filtering the subcode parameter. No details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

Project Monitoring System Cross-Site Scripting Vulnerability

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a cross-site scripting vulnerability that stems from the /onlineJobSearchEngine/postjob.php file not adequately filtering the txtapplyto parameter. No details of the vulnerability are available at thi...

5.4CVSS6.3AI score0.00264EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.4 views

Tenda CH22 formWrlExtraGet function buffer overflow vulnerability

Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from improper handling of the dips parameter in the formWrlExtraGet function in the /goform/GstDhcpSetSer file. An attacker can exploit this vulnerability to...

9CVSS8.3AI score0.00736EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.4 views

WordPress Plugin AR For WordPress Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...

9.6CVSS6.7AI score0.00159EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.5 views

Portábilis i-Educar Authorization Issues Vulnerability

Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. Portábilis i-Educar suffers from an authorization issue vulnerability, which can be exploited by an attacker to improperly authorize...

8.8CVSS7AI score0.00348EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.5 views

Simple Scheduling System addcourse.php File SQL Injection Vulnerability

Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addcourse.php file not securely filtering the corcode parameter, no details of the vulnerability are available at this time...

9.8CVSS8.1AI score0.00384EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.4 views

Tenda AC18 Command Injection Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability that originates from the mishandling of the lanIp parameter by an unknown function in the...

8.8CVSS6.9AI score0.03741EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.3 views

Tenda AC18 Buffer Overflow Vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a buffer overflow vulnerability, which originates from the /goform/WizardHandle file not performing effective boundary checking...

9CVSS9.2AI score0.00739EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.2 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function ucidel on the parameter delvalue in the file /goform/deleteprohibiting, which can be exploited by an...

8.8CVSS7AI score0.04125EPSS
Exploits1References1
CNVD
CNVD
added 2025/09/29 12:0 a.m.2 views

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23372)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter delvalue in the file /goform/deleteofflinedevice, which can be exploited by an attacker to cause a command injection...

8.8CVSS6.9AI score0.04125EPSS
Exploits1References1
Total number of security vulnerabilities131179