131179 matches found
WordPress Cost Calculator Builder plugin unauthorized data modification vulnerability
WordPress Cost Calculator Builder plugin is a WordPress plugin for creating price estimation forms that supports quick generation of customized calculators via drag-and-drop form builder that can be embedded in website pages without programming. The WordPress Cost Calculator Builder plugin suffer...
Tenda AC18 wifi_chkHz parameter stack buffer overflow vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet fails to...
Beauty Parlour Management System search-invoices.php File SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search-invoices.php. An attacker can...
AndSoft e-TMS Encryption Issue Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an encryption issue vulnerability that stems from the use of MD5 encrypted passwords, which can be exploited by an attacker to cause the disclosure of user credentials...
WordPress CTL Behance Importer Lite plugin SQL Injection Vulnerability
WordPress CTL Behance Importer Lite is a plugin for importing work from the Behance platform to a WordPress website, mainly used to help creators quickly migrate their work and optimize their website content management. The WordPress CTL Behance Importer Lite plugin suffers from an SQL injection...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
Cyber Cafe Management System search.php file cross-site scripting vulnerability
Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter searchdata in the file /search.php, which can be...
WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23537)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameters l and reset of the /clt/changepassword.asp file, and can be...
Simple Banking System removeuser.php File SQL Injection Vulnerability
Simple Banking System is a simple banking system. Simple Banking System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /removeuser.php. An attacker can exploit this vulnerability to execute illeg...
WordPress All in One Music Player plugin path traversal vulnerability
WordPress All in One Music Player plugin is a plugin with integrated music playback functionality, mainly used for WooCommerce, Dokan, WCFM Marketplace and other multi-platform e-commerce systems. A path traversal vulnerability exists in the WordPress All in One Music Player plugin, which stems...
WordPress Find Me On plugin SQL Injection Vulnerability
WordPress Find Me On plugin is a downgraded plugin that is mainly used to add social media link portals to your website. WordPress Find Me On plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The...
Beauty Parlour Management System invoices.php file SQL Injection Vulnerability
Beauty Parlour Management System is an application system. Beauty Parlour Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter delid in the file /admin/invoices.php. An attacker can exploit...
WordPress Ajax WooSearch plugin SQL Injection Vulnerability
WordPress Ajax WooSearch plugin is a plugin for enhancing the search functionality of your website, mainly used to improve the user experience, supporting real-time search and indexing of multiple content types. WordPress Ajax WooSearch plugin suffers from an SQL injection vulnerability that stem...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23552)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
TOTOLINK X18 setEasyMeshAgentCfg function mac parameter command injection vulnerability
TOTOLINK X18 is a Mesh WiFi 6 router system from TOTOLINK Taiwan, which supports WiFi 6 technology and optimizes home network coverage through the mesh function. TOTOLINK X18 suffers from a command injection vulnerability that stems from the mac parameter in the setEasyMeshAgentCfg function faili...
WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability
WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23547)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23562)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23544)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of the parameter m in the file /clt/LOGINFRMCAT.ASP, which can be exploited by an attacker to execute operating system...
WordPress AffiliateWP plugin SQL Injection Vulnerability
WordPress AffiliateWP plugin an affiliate marketing plugin designed for the WordPress platform, mainly used to help users quickly build an affiliate program, track referrals, pay commissions and other functions. WordPress AffiliateWP plugin suffers from a SQL injection vulnerability that stems fr...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23561)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS SQL Injection Vulnerability (CNVD-2025-23569)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter USRMAIL in the file /inc/login/TRACKREQUESTFRMSQL.ASP. An attacker can...
WordPress Blappsta Mobile App plugin SQL Injection Vulnerability
WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...
ERPNext inventory_dimensions_dict parameter SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that originates from the presence of SQL injection in the inventorydimensionsdict parameter, which can be exploited by an attacker to obtain database information...
Apache Fory Deserialization Vulnerability
Apache Fory is a JIT-based dynamic compilation and zero-copy technology based on multi- language serialization framework , designed for distributed systems and high-performance computing scenarios . Apache Fory suffers from a deserialization vulnerability that stems from unsafe deserialization of...
Apache Kylin Authentication Bypass Vulnerability
Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...
VMware Tools for Windows Access Control Error Vulnerability
VMware Tools for Windows is a set of Windows-based, VMWare virtual machine enhancement tools from VMware, which are drivers provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host. A...
VMware Tools and VMware Aria Operations Elevation of Privilege Vulnerability
VMware Tools and VMware Aria Operations are both products of VMware, Inc. VMware Tools is an enhancement tool that comes with VMWare virtual machines and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of th...
VMware Aria Operations Information Disclosure Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. VMware Aria Operations has a security vulnerability that could be exploited by an attacker to disclose other users'...
VMware vCenter SMTP Header Injection Vulnerability
VMware vCenter is a virtualization management software from VMware. An SMTP header injection vulnerability exists in VMware vCenter, which can be exploited by an attacker to manipulate notification emails for scheduled tasks...
VMware NSX Weak Password Recovery Mechanism Vulnerability
VMware NSX is a network virtualization solution within VMware Cloud Foundation that enables administrators to deploy legacy and modern applications in a private/hybrid cloud.VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware, Inc. The platform includes features such as...
VMware Cloud Foundation and VMware NSX Username Enumeration Vulnerability
VMware Cloud Foundation and VMware NSX are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes capabilities for operations automation and infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation is an...
GNU Binutils elf_swap_shdr function buffer overflow vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the elfswapshdr function in the bfd/elfcode.h...
GNU Binutils bfd/elf-eh-frame.c File Heap Buffer Overflow Vulnerability
GNU Binutils is a set of binary tools developed by the GNU Project to handle the management, analysis and debugging of executables, target files and other binary files. A heap buffer overflow vulnerability exists in GNU Binutils, which stems from the bfdelfparseehframe function in the...
Simple Scheduling System addfaculty.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addfaculty.php file not securely filtering the falname parameter. No details of the vulnerability are provided at this time...
Simple Scheduling System add.home.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that originates from not securely filtering the faculty parameter in the /add.home.php file. An attacker could exploit this vulnerability to obtain sensitive database...
WordPress Plugin aThemes Addons for Elementor Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin aThemes Addons for Elementor, n...
Tenda AC8 formSetServerConfig function buffer overflow vulnerability
Tenda AC8 is a dual gigabit wireless router from Tenda designed for fiber optic homes up to 1000 megabytes, supporting IPv6 protocol with intelligent network management. The Tenda AC8 suffers from a buffer overflow vulnerability that originates from the formSetServerConfig function in the...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23371)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter targetaddr in the file /goform/diagtraceroute, which can be exploited by an attacker to cause remote command injectio...
Simple Scheduling System addsubject.php file SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addsubject.php file not securely filtering the subcode parameter. No details of the vulnerability are available at this time...
Project Monitoring System Cross-Site Scripting Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a cross-site scripting vulnerability that stems from the /onlineJobSearchEngine/postjob.php file not adequately filtering the txtapplyto parameter. No details of the vulnerability are available at thi...
Tenda CH22 formWrlExtraGet function buffer overflow vulnerability
Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from improper handling of the dips parameter in the formWrlExtraGet function in the /goform/GstDhcpSetSer file. An attacker can exploit this vulnerability to...
WordPress Plugin AR For WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin AR For WordPress, whi...
Portábilis i-Educar Authorization Issues Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you with basic and technical education. Portábilis i-Educar suffers from an authorization issue vulnerability, which can be exploited by an attacker to improperly authorize...
Simple Scheduling System addcourse.php File SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the /schedulingsystem/addcourse.php file not securely filtering the corcode parameter, no details of the vulnerability are available at this time...
Tenda AC18 Command Injection Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability that originates from the mishandling of the lanIp parameter by an unknown function in the...
Tenda AC18 Buffer Overflow Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a buffer overflow vulnerability, which originates from the /goform/WizardHandle file not performing effective boundary checking...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23368)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function ucidel on the parameter delvalue in the file /goform/deleteprohibiting, which can be exploited by an...
D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23372)
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter delvalue in the file /goform/deleteofflinedevice, which can be exploited by an attacker to cause a command injection...